[Git][security-tracker-team/security-tracker][master] Correct triaging for CVE-2018-14621

Salvatore Bonaccorso carnil at debian.org
Thu Aug 30 08:29:36 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02831c7a by Salvatore Bonaccorso at 2018-08-30T07:28:16Z
Correct triaging for CVE-2018-14621

The issue was actually only introduced in 0.3.3-rc3 upstream with a prot
to use poll() instead of select() in svc_run(). We never had thus a
version in Debian affected by the issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3430,10 +3430,10 @@ CVE-2018-14622 [Segmentation fault in makefd_xprt return value in svc_vc.c]
 	NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
 CVE-2018-14621 [Infinite loop in EMFILE case in svc_vc.c]
 	RESERVED
-	[experimental] - libtirpc 1.0.2-0.1
-	- libtirpc <unfixed>
+	- libtirpc <not-affected> (Vulnerable code not in a released version)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=968175
-	NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
+	NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (0.3.3-rc3)
+	NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
 CVE-2018-14620
 	RESERVED
 CVE-2018-14619 [crash (possible privesc) in  kernel crypto subsystem]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02831c7adde9c878e6b34d4f86b38e67c5c9c7af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02831c7adde9c878e6b34d4f86b38e67c5c9c7af
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180830/f5e13e74/attachment.html>

More information about the debian-security-tracker-commits mailing list