Antoine Beaupré pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
958c1045 by Antoine Beaupré at 2018-04-11T09:42:48-04:00
triage nmap out of jessie and wheezy: vulnerable code introduced later
- - - - -
127100fa by Antoine Beaupré at 2018-04-11T09:44:34-04:00
follow jessie and no-dla for mysql (postponed) and zsh (minor)
- - - - -
69be5443 by Antoine Beaupré at 2018-04-11T09:44:47-04:00
squirrelmail should be doable in lts
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -410,7 +410,9 @@ CVE-2018-1000164 [Improper neutralization of CRLF Sequences
http/wsgi.py:process
CVE-2018-1000161 [directory traversal in the way the non-default http-fetch
script sanitized URLs]
- nmap 7.70+dfsg1-1
[stretch] - nmap <no-dsa> (Minor issue)
- [jessie] - nmap <no-dsa> (Minor issue)
+ [jessie] - nmap <not-affected> (Vulnerable code not present)
+ [wheezy] - nmap <not-affected> (Vulnerable code not present)
+ NOTE: script added in 6.49BETA6 according to
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-1000161
CVE-2018-1000157
REJECTED
CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the
standard ...)
@@ -19320,6 +19322,7 @@ CVE-2018-2767 [Use of SSL/TLS not enforced in client
library (Return of BACKRONY
- mysql-5.7 <unfixed>
- mysql-5.5 <removed>
[jessie] - mysql-5.5 <postponed> (Wait for next upstream
security/bugfix release)
+ [wheezy] - mysql-5.5 <postponed> (Wait for next upstream
security/bugfix release)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE
for
NOTE: Oracle products.
@@ -23843,6 +23846,7 @@ CVE-2018-1100 [check bounds on buffer in mail checking]
- zsh 5.5-1 (bug #895225)
[stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
+ [wheezy] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
NOTE:
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An
...)
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -93,6 +93,8 @@ sharutils (Abhijith PA)
--
slurm-llnl (Thorsten Alteholz)
--
+squirrelmail
+--
tiff (Hugo Lefeuvre)
NOTE: incomplete fix of CVE-2017-18013, see CVE-2018-7456.
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/bdd1de62c2618453a8f9dccf14f810930d5a8893...69be54436ac87ff91f3f23983ea8e23325237287
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/bdd1de62c2618453a8f9dccf14f810930d5a8893...69be54436ac87ff91f3f23983ea8e23325237287
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
