Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: f93fac65 by Ola Lundqvist at 2018-02-03T22:04:13+01:00 Triage results. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -165,12 +165,15 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0 CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...) - zziplib <unfixed> + [wheezy] - zziplib <ignored> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/17 CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...) - zziplib <unfixed> + [wheezy] - zziplib <ignored> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/16 CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...) - zziplib <unfixed> + [wheezy] - zziplib <ignored> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/15 CVE-2018-6539 RESERVED @@ -203,6 +206,7 @@ CVE-2018-6527 RESERVED CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows remote ...) - mantis <removed> + [wheezy] - mantis <end-of-life> (Not supported in wheezy LTS) NOTE: https://mantisbt.org/bugs/view.php?id=23921 CVE-2018-6525 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows ...) NOT-FOR-US: nProtect AVS @@ -214,6 +218,7 @@ CVE-2018-6522 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) all NOT-FOR-US: nProtect AVS CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsicle ...) - gifsicle 1.91-1 (bug #878739; bug #881120) + [wheezy] - gifsicle <ignored> (Minor issue) NOTE: https://github.com/kohler/gifsicle/issues/117 NOTE: https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...) @@ -639,6 +644,7 @@ CVE-2018-1000030 [Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileob - python3.2 <removed> - python2.7 <unfixed> - python2.6 <removed> + [wheezy] - python3.2 <not-affected> (Claimed to be safe and reproduction verifies that) NOTE: Original report: https://bugs.python.org/issue31530 NOTE: https://bugs.python.org/file47157/0001-stop-crashes-when-iterating-over-a-file-on-multiple-.patch NOTE: which was followed by a pull request to fix the issue: ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -12,6 +12,10 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- clamav (Thorsten Alteholz) -- +dojo +-- +dokuwiki +-- dovecot (Thorsten Alteholz) NOTE: after applying the patch, login segfaults NOTE: maintainer and security team are looking into this @@ -63,6 +67,8 @@ opencv (Thorsten Alteholz) -- openjdk-7 (Emilio Pozuelo) -- +python-crypto +-- python2.6 -- python2.7 (Abhijith PA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93fac65da75bb568a2f2b62824da9d600780f64 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93fac65da75bb568a2f2b62824da9d600780f64 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits