Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits: 42c6a6f5 by Antoine Beaupré at 2018-07-05T18:00:00-04:00 mark fixed jessie versions for mercurial issues without CVE - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -3238,10 +3238,12 @@ CVE-2018-12050 RESERVED CVE-2018-XXXX [OVE-20180430-0004: mpatch: ensure fragment start isn't past the end of orig] - mercurial 4.6.1-1 (bug #901050) + [jessie] - mercurial 3.1.2-2+deb8u5 NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29 NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635 CVE-2018-XXXX [OVE-20180430-0002: mpatch: protect against underflow in mpatch_apply] - mercurial 4.6.1-1 (bug #901050) + [jessie] - mercurial 3.1.2-2+deb8u5 NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29 NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c NOTE: there are actually 6 more patches required to completely fix bug #901050, @@ -3250,6 +3252,7 @@ CVE-2018-XXXX [OVE-20180430-0002: mpatch: protect against underflow in mpatch_ap NOTE: cases which the 6 patches fix CVE-2018-XXXX [OVE-20180430-0001: mpatch: be more careful about parsing binary patch data] - mercurial 4.6.1-1 (bug #901050) + [jessie] - mercurial 3.1.2-2+deb8u5 NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29 NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7 CVE-2018-12049 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42c6a6f586ab0ebef952d8a3672cf3b2f0bb3d2a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42c6a6f586ab0ebef952d8a3672cf3b2f0bb3d2a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits