[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2017-6318: Fixed in Jessie

Philipp Hahn pmhahn at debian.org
Tue Feb 6 16:27:28 UTC 2018 

Philipp Hahn pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7b05c3f by Philipp Hahn at 2018-02-06T17:26:13+01:00
CVE-2017-6318: Fixed in Jessie

<https://security-tracker.debian.org/tracker/CVE-2017-6318> lists "jessie" with
"1.0.24-8+deb8u2" as "vulnerable".

According to <https://packages.debian.org/search?keywords=sane-backends&searchon=sourcenames&suite=all&section=all>
that version is indeed in Debian-Jessie, but <http://metadata.ftp-master.debian.org/changelogs/main/s/sane-backends/sane-backends_1.0.24-8+deb8u2_changelog>
mentions "debian/patches/0500-CVE-2017-6318.patch" for that version,
which is indeed contained in that version; confirmed by:

tar xfO sane-backends_1.0.24-8+deb8u2.debian.tar.xz debian/patches/0505-CVE-2017-6318.patch
tar xfO sane-backends_1.0.24-8+deb8u2.debian.tar.xz debian/patches/series

There was no DSA releases, as the issue was considered minor, but the
issue was resolved with the Debian 8.8 point release:
<https://www.debian.org/News/2017/20170506>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -50549,7 +50549,7 @@ CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in rada
 CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain ...)
 	{DLA-940-1}
 	- sane-backends 1.0.25-4 (low; bug #854804)
-	[jessie] - sane-backends <no-dsa> (Minor issue)
+	[jessie] - sane-backends 1.0.24-8+deb8u2 (bug #854804)
 	NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
 CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...)
 	NOT-FOR-US: Citrix



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7b05c3ff7a6ebfe720c211103fe6ff2a8869bfd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7b05c3ff7a6ebfe720c211103fe6ff2a8869bfd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180206/a401d94c/attachment.html>

More information about the Secure-testing-commits mailing list