[Git][security-tracker-team/security-tracker][master] libarchive DSA
Moritz Muehlenhoff
jmm at debian.org
Thu Dec 27 16:29:25 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93deac58 by Moritz Muehlenhoff at 2018-12-27T16:28:57Z
libarchive DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -71225,21 +71225,18 @@ CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not e
CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within ...)
{DLA-1600-1}
- libarchive 3.2.2-4.1 (bug #875960)
- [stretch] - libarchive <no-dsa> (Minor issue)
[wheezy] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/948
NOTE: https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14
CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 ...)
{DLA-1600-1}
- libarchive 3.2.2-4.1 (bug #875974)
- [stretch] - libarchive <no-dsa> (Minor issue)
[wheezy] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
{DLA-1600-1}
- libarchive 3.2.2-4.2 (bug #875966)
- [stretch] - libarchive <no-dsa> (Minor issue)
[wheezy] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/949
NOTE: https://github.com/libarchive/libarchive/commit/f9569c086ff29259c73790db9cbf39fe8fb9d862
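Review bot: The `{DLA-1600-1}` cross-reference lines on CVE-2017-14503, CVE-2017-14502 and CVE-2017-14501 are left unchanged, although data/DSA/list in this same commit assigns all three to DSA-4360-1. If these lines are not regenerated from data/DSA/list, add DSA-4360-1 to them here. Otherwise these entries show no stretch status at all once `[stretch] - libarchive <no-dsa> (Minor issue)` is gone, since the hunk adds no explicit `[stretch]` fixed-version line in its place.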
@@ -72255,7 +72252,6 @@ CVE-2017-14161
CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
{DLA-1600-1 DLA-1092-1}
- libarchive 3.2.2-3.1 (bug #874539)
- [stretch] - libarchive <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
NOTE: https://github.com/libarchive/libarchive/issues/935
@@ -89794,13 +89790,11 @@ CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for ...)
CVE-2016-10350 (The archive_read_format_cab_read_header function in ...)
{DLA-1600-1 DLA-1006-1}
- libarchive 3.2.2-3.1 (bug #861609)
- [stretch] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/835
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...)
{DLA-1600-1 DLA-1006-1}
- libarchive 3.2.2-3.1 (bug #861609)
- [stretch] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/834
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...)
@@ -97701,7 +97695,6 @@ CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
{DLA-1600-1 DLA-1006-1}
- libarchive 3.2.2-3.1 (low; bug #859456)
- [stretch] - libarchive <no-dsa> (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/842
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Dec 2018] DSA-4360-1 libarchive - security update
+ {CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880}
+ [stretch] - libarchive 3.2.2-2+deb9u1
[27 Dec 2018] DSA-4359-1 wireshark - security update
{CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628}
[stretch] - wireshark 2.6.5-1~deb9u1
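Review bot: The CVE set on the new DSA-4360-1 entry names ten CVEs, but the data/CVE/list hunks in this commit touch only seven of them. CVE-2018-1000877, CVE-2018-1000878 and CVE-2018-1000880 have no corresponding change. Check that their entries in data/CVE/list carry no leftover `[stretch] - libarchive <no-dsa>` or similar annotation that would contradict the `[stretch] - libarchive 3.2.2-2+deb9u1` fixed version recorded here.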
=====================================
data/dsa-needed.txt
=====================================
@@ -24,9 +24,6 @@ glusterfs
--
graphicsmagick
--
-libarchive
- Markus Koschany proposed a debdiff for covering several CVEs
---
libidn
santiago proposed debdiffs for jessie and stretch
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/93deac58f4912c127d9eb5743298dea220cebac1