[Git][security-tracker-team/security-tracker][master] Reserve DSA number for perl update

Sat Apr 14 16:47:42 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3697e9b3 by Salvatore Bonaccorso at 2018-04-14T17:47:25+02:00
Reserve DSA number for perl update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8502,6 +8502,7 @@ CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
 CVE-2018-6798 [Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)]
 	RESERVED
 	- perl <unfixed>
+	[stretch] - perl 5.24.1-3+deb9u3
 	[jessie] - perl <not-affected> (Issue introduced later)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132063
 	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
@@ -8511,6 +8512,7 @@ CVE-2018-6798 [Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)]
 CVE-2018-6797 [heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)]
 	RESERVED
 	- perl <unfixed>
+	[stretch] - perl 5.24.1-3+deb9u3
 	[jessie] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132227
 	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[14 Apr 2018] DSA-4172-1 perl - security update
+	{CVE-2018-6913}
+	[jessie] - perl 5.20.2-3+deb8u10
+	[stretch] - perl 5.24.1-3+deb9u3
 [13 Apr 2018] DSA-4171-1 ruby-loofah - security update
 	{CVE-2018-8048}
 	[stretch] - ruby-loofah 2.0.3-2+deb9u1


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -60,8 +60,6 @@ openjpeg2 (luciano)
 --
 passenger/stable
 --
-perl (carnil)
---
 php5/oldstable
   wait for 5.6.34 release
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3697e9b38456d1109fd89f6775bb55bb4e52def9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3697e9b38456d1109fd89f6775bb55bb4e52def9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180414/f35f4024/attachment-0001.html>
