Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd77373b by Markus Koschany at 2019-01-01T23:18:06Z
CVE-2018-20004,mxml: Link to fixing commit, remove no-dsa tag for Jessie.

- - - - -
f091dc1c by Markus Koschany at 2019-01-01T23:18:06Z
CVE-2016-4570,CVE-2016-4571,mxml: Link to fixing commits

Remove no-dsa tag for Jessie

- - - - -
ac34d34c by Markus Koschany at 2019-01-01T23:18:07Z
CVE-2018-20592,mxml: Mark as no-dsa for Jessie.

This issue only affects the mxmldoc tool instead of the library.

- - - - -
8ae8f862 by Markus Koschany at 2019-01-01T23:18:07Z
Add mxml to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -308,6 +308,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It 
is a reflected XSS ..
        NOT-FOR-US: hsweb
 CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer 
overflow in ...)
        - mxml <unfixed>
+       [jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err
 (error output)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
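
Review bot: The added `[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)` line sits under CVE-2018-20593, while the commit message for ac34d34c names CVE-2018-20592. If both mxmldoc issues are meant to be no-dsa for Jessie, the CVE-2018-20592 entry needs the same tag, and it is not touched in this hunk; otherwise the commit subject should name CVE-2018-20593 so the history matches the data.
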
@@ -4873,8 +4874,8 @@ CVE-2018-20005 (An issue has been found in Mini-XML (aka 
mxml) 2.12. It is a ...
 CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a 
...)
        - mxml <unfixed> (low)
        [stretch] - mxml <no-dsa> (Minor issue)
-       [jessie] - mxml <ignored> (Minor issue)
        NOTE: https://github.com/michaelrsweet/mxml/issues/233
+       NOTE: Fixed by 
https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0
 CVE-2018-20003
        RESERVED
 CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the 
Binary File ...)
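
Review bot: The line removed under CVE-2018-20004 is `[jessie] - mxml <ignored> (Minor issue)`, not a `<no-dsa>` tag as the commit message for dd77373b states. The two are distinct states in the tracker, so the message should say that the `<ignored>` decision for Jessie is being withdrawn, which is what anyone searching the history for this triage change will look for.
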
@@ -131138,14 +131139,14 @@ CVE-2016-4546 (Samsung devices with Android KK(4.4) 
or L(5.0/5.1) allow local us
        NOT-FOR-US: Samsung Android component
 CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and 
possibly ...)
        - mxml 2.9-1 (bug #825855)
-       [jessie] - mxml <no-dsa> (Minor issue)
        [wheezy] - mxml <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+       NOTE: 
https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
 CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, 
and ...)
        - mxml 2.9-2 (bug #825855)
-       [jessie] - mxml <no-dsa> (Minor issue)
        [wheezy] - mxml <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+       NOTE: 
https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
 CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles 
...)
        - linux 4.5.3-1
        [jessie] - linux <not-affected> (Issue introduced later)
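
Review bot: The NOTE lines added for CVE-2016-4570 and CVE-2016-4571 carry bare commit URLs, while the CVE-2018-20004 entry in the same push uses `NOTE: Fixed by <url>`. Prefixing these two with "Fixed by" as well would make clear that they are the fixing commits the commit message refers to, rather than background references like the oss-security link above them.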


=====================================
data/dla-needed.txt
=====================================
@@ -88,6 +88,8 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
+mxml
+--
 nettle
 --
 nss (Roberto C. Sánchez)
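
Review bot: The new `mxml` entry gives no indication of which issues the DLA is expected to cover. This push leaves CVE-2018-20593 as no-dsa for Jessie and drops the Jessie tags on CVE-2018-20004, CVE-2016-4570 and CVE-2016-4571, so a short note under the entry naming those three would save whoever claims the package from re-deriving the scope from data/CVE/list.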



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6aea9d298a872b2ac5d05c75803c8cd65df783df...8ae8f862280c80000ef8b023ae193ecd586b1ab0

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
