Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f93fac65 by Ola Lundqvist at 2018-02-03T22:04:13+01:00
Triage results.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -165,12 +165,15 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer
overflow in the function
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
- zziplib <unfixed>
+ [wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/17
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- zziplib <unfixed>
+ [wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- zziplib <unfixed>
+ [wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/15
CVE-2018-6539
RESERVED
@@ -203,6 +206,7 @@ CVE-2018-6527
RESERVED
CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows
remote ...)
- mantis <removed>
+ [wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
NOTE: https://mantisbt.org/bugs/view.php?id=23921
CVE-2018-6525 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS)
allows ...)
NOT-FOR-US: nProtect AVS
@@ -214,6 +218,7 @@ CVE-2018-6522 (In nProtect AVS V4.0 4.0.0.38, the driver
file (TKRgFtXp.SYS) all
NOT-FOR-US: nProtect AVS
CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in
gifsicle ...)
- gifsicle 1.91-1 (bug #878739; bug #881120)
+ [wheezy] - gifsicle <ignored> (Minor issue)
NOTE: https://github.com/kohler/gifsicle/issues/117
NOTE:
https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the
MySQL ...)
@@ -639,6 +644,7 @@ CVE-2018-1000030 [Heap-Buffer-Overflow and
Heap-Use-After-Free in Objects/fileob
- python3.2 <removed>
- python2.7 <unfixed>
- python2.6 <removed>
+ [wheezy] - python3.2 <not-affected> (Claimed to be safe and
reproduction verifies that)
NOTE: Original report: https://bugs.python.org/issue31530
NOTE:
https://bugs.python.org/file47157/0001-stop-crashes-when-iterating-over-a-file-on-multiple-.patch
NOTE: which was followed by a pull request to fix the issue:
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -12,6 +12,10 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
clamav (Thorsten Alteholz)
--
+dojo
+--
+dokuwiki
+--
dovecot (Thorsten Alteholz)
NOTE: after applying the patch, login segfaults
NOTE: maintainer and security team are looking into this
@@ -63,6 +67,8 @@ opencv (Thorsten Alteholz)
--
openjdk-7 (Emilio Pozuelo)
--
+python-crypto
+--
python2.6
--
python2.7 (Abhijith PA)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93fac65da75bb568a2f2b62824da9d600780f64
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93fac65da75bb568a2f2b62824da9d600780f64
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
