[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-9274/osc no-dsa in wheezy

Thu, 18 Jan 2018 15:00:33 -0800 

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1a0ecb4 by Emilio Pozuelo Monfort at 2018-01-18T23:55:46+01:00
CVE-2017-9274/osc no-dsa in wheezy

- - - - -
7856e15c by Emilio Pozuelo Monfort at 2018-01-18T23:59:37+01:00
mupdf no-dsa in wheezy

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -237,6 +237,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop 
vulnerability and ...)
        - mupdf <unfixed> (bug #887130)
        [stretch] - mupdf <no-dsa> (Minor issue)
        [jessie] - mupdf <no-dsa> (Minor issue)
+       [wheezy] - mupdf <no-dsa> (Minor issue)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
        NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not 
consider
        NOTE: EOF.
@@ -5242,6 +5243,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 
1.12.0 mishandles certai
        - mupdf <unfixed> (bug #885120)
        [stretch] - mupdf <no-dsa> (Minor issue)
        [jessie] - mupdf <no-dsa> (Minor issue)
+       [wheezy] - mupdf <no-dsa> (Minor issue)
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
 CVE-2017-17865
@@ -38068,6 +38070,7 @@ CVE-2017-9274 [osc executes spec code during "osc 
commit"]
        - osc <unfixed> (bug #887391)
        [stretch] - osc <no-dsa> (Minor issue)
        [jessie] - osc <no-dsa> (Minor issue)
+       [wheezy] - osc <no-dsa> (Minor issue)
        NOTE: Details in https://bugzilla.novell.com/show_bug.cgi?id=938556
        NOTE: SUSE adressed the issue not only in the 
obs-service-source_validator
        NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.:


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -51,17 +51,12 @@ ming (Hugo Lefeuvre)
   NOTE: 20180118: wip, currently working on it with upstream, might take a 
while
   NOTE: Some issues currently in upstream's bug tracker are missing a CVE 
number, so number of issues might increase in the next weeks
 --
-mupdf
-  NOTE: 20171224: Upstream patch does not apply to LTS cleanly. Might need 
hanges to apps/pdfclean.c rather than pdf-write.c (lamby)
---
 mysql-5.5 (Emilio Pozuelo)
 --
 opencv (Thorsten Alteholz)
 --
 openjdk-7 (Emilio Pozuelo)
 --
-osc
---
 php5 (Markus Koschany)
 --
 rsync (Chris Lamb)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c6eafa28eca983bcf0d937e6775aa222ddbe12f4...7856e15c99189d3708584e0e14979ac072c049b5

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c6eafa28eca983bcf0d937e6775aa222ddbe12f4...7856e15c99189d3708584e0e14979ac072c049b5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to