Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 46c7dfc9 by Salvatore Bonaccorso at 2019-04-28T09:14:25Z Add three new dhcpcd5 issues (#928056, #928104, #928105) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2019-XXXX [DHCPv6: Fix a potential buffer overflow reading NA/TA addresses] + - dhcpcd5 <unfixed> (bug #928105) + [stretch] - dhcpcd5 <not-affected> (Vulnerable code not present) + NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6 +CVE-2019-XXXX [DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED] + - dhcpcd5 <unfixed> (bug #928104) + NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 +CVE-2019-XXXX [auth: Use consttime_memequal to avoid latency attack consttime_memequal is supplied if libc does not support it] + - dhcpcd5 <unfixed> (bug #928056) + NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233 + NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da + NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have completed 2F ...) - gitea <removed> CVE-2019-11575 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46c7dfc9db6ecfd1f95732623065cf5562cd1c8b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46c7dfc9db6ecfd1f95732623065cf5562cd1c8b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
