Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: c602bf6f by Sylvain Beucler at 2022-04-07T18:21:02+02:00 lrzip: reference CVE-2017-884X unimportant issues fixed by DLA single patch - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -309310,6 +309310,7 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a pa ...) NOT-FOR-US: Allen Disk CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (unimportant; bug #863145) NOTE: https://github.com/ckolivas/lrzip/issues/67 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/ @@ -309322,6 +309323,7 @@ CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.63 NOTE: https://github.com/ckolivas/lrzip/issues/71 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (unimportant; bug #863151) NOTE: https://github.com/ckolivas/lrzip/issues/68 NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f 
@@ -309336,14 +309338,18 @@ CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 al NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/ NOTE: https://github.com/ckolivas/lrzip/commit/dc57230636fe8da068674e1023b2f07c593ec21b (v0.640) CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (unimportant; bug #863155) NOTE: https://github.com/ckolivas/lrzip/issues/69 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/ + NOTE: https://github.com/ckolivas/lrzip/commit/cd456aa70e1f9b6769454ab4f8198e1551c33c49 (v0.640) NOTE: Crash in CLI tool, no security implications CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (unimportant; bug #863156) NOTE: https://github.com/ckolivas/lrzip/issues/66 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/ + NOTE: https://github.com/ckolivas/lrzip/commit/38386bd482c0a8102a79958cb3eddcb97a167ca3 (v0.640) NOTE: Crash in CLI tool, no security implications CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...) NOT-FOR-US: Peplink Balance devices ===================================== data/DLA/list ===================================== 
@@ -753,7 +753,7 @@ {CVE-2020-13933 CVE-2020-17510} [stretch] - shiro 1.3.2-1+deb9u2 [01 Aug 2021] DLA-2725-1 lrzip - security update - {CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496} + {CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 CVE-2017-8847 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496} [stretch] - lrzip 0.631-1+deb9u1 [01 Aug 2021] DLA-2724-1 condor - security update {CVE-2019-18823} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c602bf6f01541e2b9b8997e4b7726cad0918c115
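Review bot: CVE-2017-8847 in the first data/CVE/list hunk gets the {DLA-2725-1} tag but no NOTE pointing at the fixing upstream commit, while CVE-2017-8843 and CVE-2017-8842 in the third hunk each gain a commit NOTE marked "(v0.640)". If the lines cut off below the blog NOTE for CVE-2017-8847 do not already carry one, add the commit reference there so all four newly tagged entries document the fix the same way. The existing commit NOTE under CVE-2017-8845 also lacks the "(v0.640)" marker that the two new NOTEs use, which is worth aligning while these entries are being touched.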
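Review bot: The reason four "unimportant" CVEs now appear under DLA-2725-1 in the data/DLA/list hunk is recorded only in the commit message ("fixed by DLA single patch"), not in the data. CVE-2017-8843 and CVE-2017-8842 still carry "NOTE: Crash in CLI tool, no security implications" directly beside the new {DLA-2725-1} tag, which reads as contradictory without that context. Consider a short NOTE on each of CVE-2017-8842, CVE-2017-8843, CVE-2017-8845 and CVE-2017-8847 saying the issue was fixed as a side effect of the single patch shipped in the DLA. The four ids added to the DLA set do match the four tags added in data/CVE/list and keep the set in ascending order.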