[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] zziplib no-dsa

Moritz Muehlenhoff jmm at debian.org
Wed Feb 7 19:23:22 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fb68875 by Moritz Muehlenhoff at 2018-02-07T20:23:02+01:00
zziplib no-dsa
git unimportant
jhead unimportant
cpio no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -550,8 +550,9 @@ CVE-2018-6614
 CVE-2018-6613
 	RESERVED
 CVE-2018-6612 (An integer underflow bug in the process_EXIF function of the exif.c ...)
-	- jhead 1:3.00-6 (bug #889272)
+	- jhead 1:3.00-6 (unimportant; bug #889272)
 	NOTE: https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-6611 (soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt ...)
 	- libopenmpt 0.3.6-1 (bug #889545)
 	[stretch] - libopenmpt <not-affected> (Vulnerable code not present)
@@ -770,14 +771,20 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
 CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
 	- zziplib <unfixed>
+	[stretch] - zziplib <no-dsa> (Minor issue)
+	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/17
 CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
 	- zziplib <unfixed>
+	[stretch] - zziplib <no-dsa> (Minor issue)
+	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/16
 CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
 	- zziplib <unfixed>
+	[stretch] - zziplib <no-dsa> (Minor issue)
+	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/15
 CVE-2018-6539
@@ -1282,8 +1289,9 @@ CVE-2018-1000023
 	RESERVED
 CVE-2018-1000021 [client prints server sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands]
 	RESERVED
-	- git <unfixed> (bug #889680)
+	- git <unfixed> (unimportant; bug #889680)
 	NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
+	NOTE: Terminal emulators need to perform proper escaping
 CVE-2018-1000020
 	RESERVED
 CVE-2018-1000019
@@ -46988,7 +46996,9 @@ CVE-2017-7517
 	RESERVED
 	NOT-FOR-US: OpenShift
 CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since ...)
-	- cpio <unfixed>
+	- cpio <unfixed> (low)
+	[stretch] - cpio <no-dsa> (Minor issue)
+	[jessie] - cpio <no-dsa> (Minor issue)
 	[wheezy] - cpio <ignored> (Minor issue, same motivation as CVE-2015-1197)
 	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html
 	NOTE: and followups: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00005.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fb68875adbb6c174a59d7eda20a22d61c5c5698

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fb68875adbb6c174a59d7eda20a22d61c5c5698
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180207/4a5007c1/attachment.html>

More information about the Secure-testing-commits mailing list