Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c602bf6f by Sylvain Beucler at 2022-04-07T18:21:02+02:00
lrzip: reference CVE-2017-884X unimportant issues fixed by DLA single patch

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -309310,6 +309310,7 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users 
to gain root privileges by
 CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of 
changing a pa ...)
        NOT-FOR-US: Allen Disk
 CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so 
in lrz ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (unimportant; bug #863145)
        NOTE: https://github.com/ckolivas/lrzip/issues/67
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
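Review bot: The CVE-2017-8847 entry gets `{DLA-2725-1}`, but the NOTE lines shown for it carry only the upstream issue and the blog post, with no fixing commit. The CVE-2017-8843 and CVE-2017-8842 entries later in this file receive a commit NOTE together with the same tag. If the commit that addresses this NULL pointer dereference is known, add it as a NOTE here as well, so the DLA reference can be checked against a specific change.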
@@ -309322,6 +309323,7 @@ CVE-2017-8846 (The read_stream function in stream.c 
in liblrzip.so in lrzip 0.63
        NOTE: https://github.com/ckolivas/lrzip/issues/71
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
 CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as 
used in lr ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (unimportant; bug #863151)
        NOTE: https://github.com/ckolivas/lrzip/issues/68
        NOTE: 
https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
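Review bot: The commit NOTE under CVE-2017-8845 (89d7b33e6a6450eed326b40084b547d42bad333f) has no release annotation, while the other commit NOTEs touched or shown in this change end in `(v0.640)`. If that commit is part of a tagged upstream release, append the version in the same form so the entries for this DLA read consistently.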
@@ -309336,14 +309338,18 @@ CVE-2017-8844 (The read_1g function in stream.c in 
liblrzip.so in lrzip 0.631 al
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
        NOTE: 
https://github.com/ckolivas/lrzip/commit/dc57230636fe8da068674e1023b2f07c593ec21b
 (v0.640)
 CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 
0.631 al ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (unimportant; bug #863155)
        NOTE: https://github.com/ckolivas/lrzip/issues/69
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
+       NOTE: 
https://github.com/ckolivas/lrzip/commit/cd456aa70e1f9b6769454ab4f8198e1551c33c49
 (v0.640)
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so 
in lrz ...)
+       {DLA-2725-1}
        - lrzip 0.631+git180517-1 (unimportant; bug #863156)
        NOTE: https://github.com/ckolivas/lrzip/issues/66
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
+       NOTE: 
https://github.com/ckolivas/lrzip/commit/38386bd482c0a8102a79958cb3eddcb97a167ca3
 (v0.640)
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 
580, 710,  ...)
        NOT-FOR-US: Peplink Balance devices
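Review bot: The two NOTE lines added under CVE-2017-8843 and CVE-2017-8842 point at different upstream commits (cd456aa7... and 38386bd4...), while the commit subject says the issues were fixed by a single DLA patch. Add a NOTE that names the patch in the DLA upload covering both, or say that it bundles these upstream commits. Both entries also keep "Crash in CLI tool, no security implications" and the unimportant marker next to the new `{DLA-2725-1}` tag, so a short NOTE stating that the severity assessment is unchanged would avoid the tag being read as a reclassification.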


=====================================
data/DLA/list
=====================================
@@ -753,7 +753,7 @@
        {CVE-2020-13933 CVE-2020-17510}
        [stretch] - shiro 1.3.2-1+deb9u2
 [01 Aug 2021] DLA-2725-1 lrzip - security update
-       {CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 
CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496}
+       {CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 
CVE-2017-8847 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 
CVE-2018-5786 CVE-2018-10685 CVE-2018-11496}
        [stretch] - lrzip 0.631-1+deb9u1
 [01 Aug 2021] DLA-2724-1 condor - security update
        {CVE-2019-18823}
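Review bot: The `+` line adds exactly CVE-2017-8842, CVE-2017-8843, CVE-2017-8845 and CVE-2017-8847 to DLA-2725-1, which matches the four `{DLA-2725-1}` tags added in data/CVE/list, and the list stays in numeric order. The commit subject's "CVE-2017-884X" pattern also matches CVE-2017-8841, CVE-2017-8848 and CVE-2017-8849, which appear in the diff context as unrelated products. Listing the four IDs explicitly in the commit message would make the change easier to find and audit later.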



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c602bf6f01541e2b9b8997e4b7726cad0918c115
