[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] The CVE was marked as no-dsa for Debian Security and there is no reason to…

Ola Lundqvist opal at debian.org
Thu Apr 12 20:52:12 BST 2018 

Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1c3111a by Ola Lundqvist at 2018-04-12T21:51:42+02:00
The CVE was marked as no-dsa for Debian Security and there is no reason to believe why wheezy should be treated differently. Therefore marking as ignored and removing the package from dla-needed.txt.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11364,6 +11364,7 @@ CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw
 	- libraw 0.18.7-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw <ignored> (Minor issue)
 	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
 	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
@@ -11371,6 +11372,7 @@ CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cx
 	- libraw 0.18.7-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw <ignored> (Minor issue)
 	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
 	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
@@ -11378,6 +11380,7 @@ CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw functi
 	- libraw 0.18.7-1
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw <ignored> (Minor issue)
 	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
 	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -58,9 +58,6 @@ libav (Hugo Lefeuvre)
 --
 libmad (Kurt Roeckx)
 --
-libraw
-  NOTE: Only a subset of functions are present in Wheezy.
---
 libvorbis
   NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue.
   NOTE: Fixes for other CVEs applied upstream and in sid.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c3111a3688480350fbe773e816be8ab5fe31cf

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c3111a3688480350fbe773e816be8ab5fe31cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180412/0ed90050/attachment.html>

More information about the debian-security-tracker-commits mailing list