<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Markus Koschany pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6">72c5e5a1</a></strong>

<div>

<span>by Markus Koschany</span>

<i>at 2018-12-20T15:46:36Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Triage yara for Jessie.

Add link to fixing commit. The affected code is not present in Jessie. However

features to mitigate maliciously compiled bytecode were introduced only in later

versions. That means that this specific exploit might not work but there are

certainly other ways to escape the virtual machine if someone crafts a specific

rules file. It is not trivial to craft the file and to trick a security researcher

into using it. Hence this is no-dsa for Jessie.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6"}}</script>

</p>

</div>

</body>

</html>