Re: upload leptonlib

2018-02-23 Thread Salvatore Bonaccorso
Hi Ben, MITRE did assign the following: On Thu, Feb 22, 2018 at 05:38:16PM +0100, Ben Hutchings wrote: > > > 1. #890548 > > > > This one has CVE-2018-7186. > > > > > 2. Incomplete fix for #889759 / CVE-2018-3836 CVE-2018-7440 > > > 3. Similar issue to #889759 / CVE-2018-3836, "/" is not

Re: upload leptonlib

2018-02-23 Thread Santiago R.R.
On 23/02/18 at 10:08, Jeff Breidenbach wrote: > >So these files should be also removed from the package in wheezy and jessie? > > Yes. Sorry if my previous message was maybe too brief. It is not common to remove a file from the packages of a released Debian suite. I find it surprising

Re: upload leptonlib

2018-02-23 Thread Jeff Breidenbach
>So these files should be also removed from the package in wheezy and jessie? Yes.

Re: upload leptonlib

2018-02-23 Thread Santiago R.R.
Security team: sorry for the lack of context in the message. Please see https://lists.debian.org/debian-lts/2018/02/msg00054.html and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830660 On 22/02/18 at 22:35, Jeff Breidenbach wrote: >These binaries were removed in #830660. >>$

FreeXL 1.0.5 - multiple heap-buffer-overflows

2018-02-23 Thread Sebastiaan Couwenberg
Dear Security & LTS Teams, FreeXL 1.0.5 was released yesterday, it fixes various heap-buffer-overflows: - heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547879 - heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST