Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02831c7a by Salvatore Bonaccorso at 2018-08-30T07:28:16Z
Correct triaging for CVE-2018-14621
The issue was actually only introduced in 0.3.3-rc3 upstream with a prot
to use poll() instead of select() in svc_run(). We never had thus a
version in Debian affected by the issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3430,10 +3430,10 @@ CVE-2018-14622 [Segmentation fault in makefd_xprt
return value in svc_vc.c]
NOTE:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
CVE-2018-14621 [Infinite loop in EMFILE case in svc_vc.c]
RESERVED
- [experimental] - libtirpc 1.0.2-0.1
- - libtirpc <unfixed>
+ - libtirpc <not-affected> (Vulnerable code not in a released version)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
- NOTE:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
+ NOTE: Introduced by:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f
(0.3.3-rc3)
+ NOTE: Fixed by:
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
CVE-2018-14620
RESERVED
CVE-2018-14619 [crash (possible privesc) in kernel crypto subsystem]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02831c7adde9c878e6b34d4f86b38e67c5c9c7af
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02831c7adde9c878e6b34d4f86b38e67c5c9c7af
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
