Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: dd77373b by Markus Koschany at 2019-01-01T23:18:06Z CVE-2018-20004,mxml: Link to fixing commit, remove no-dsa tag for Jessie. - - - - - f091dc1c by Markus Koschany at 2019-01-01T23:18:06Z CVE-2016-4570,CVE-2016-4571,mxml: Link to fixing commits Remove no-dsa tag for Jessie - - - - - ac34d34c by Markus Koschany at 2019-01-01T23:18:07Z CVE-2018-20592,mxml: Mark as no-dsa for Jessie. This issue only affects the mxmldoc tool instead of the library. - - - - - 8ae8f862 by Markus Koschany at 2019-01-01T23:18:07Z Add mxml to dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -308,6 +308,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS .. NOT-FOR-US: hsweb CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...) - mxml <unfixed> + [jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt @@ -4873,8 +4874,8 @@ CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ... CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...) - mxml <unfixed> (low) [stretch] - mxml <no-dsa> (Minor issue) - [jessie] - mxml <ignored> (Minor issue) NOTE: https://github.com/michaelrsweet/mxml/issues/233 + NOTE: Fixed by https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0 CVE-2018-20003 RESERVED CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the Binary File ...) @@ -131138,14 +131139,14 @@ CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local us NOT-FOR-US: Samsung Android component CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly ...) - mxml 2.9-1 (bug #825855) - [jessie] - mxml <no-dsa> (Minor issue) [wheezy] - mxml <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8 + NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and ...) - mxml 2.9-2 (bug #825855) - [jessie] - mxml <no-dsa> (Minor issue) [wheezy] - mxml <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8 + NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles ...) - linux 4.5.3-1 [jessie] - linux <not-affected> (Issue introduced later) ===================================== data/dla-needed.txt ===================================== @@ -88,6 +88,8 @@ linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) -- +mxml +-- nettle -- nss (Roberto C. Sánchez) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6aea9d298a872b2ac5d05c75803c8cd65df783df...8ae8f862280c80000ef8b023ae193ecd586b1ab0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6aea9d298a872b2ac5d05c75803c8cd65df783df...8ae8f862280c80000ef8b023ae193ecd586b1ab0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits