[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-6764/libvirt as no-dsa

Salvatore Bonaccorso carnil at debian.org
Thu Feb 8 19:22:30 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aeb65f9 by Salvatore Bonaccorso at 2018-02-08T20:19:58+01:00
Mark CVE-2018-6764/libvirt as no-dsa

Confirmed that the issue is at least present from v1.3.1 onwards, but
not entirely clear if present as well earlier (The commit in 1.3.1 only
was about icnluding hostname in the initial logmessage, but the hostname
getting is already present before that commit).

To be on safe side regarding affected status, mark it rather no-dsa (and
thus still marked affected), rather with a potentially wrong
argument/reasoning on not-affected.

Cf. comments from Guido in https://bugs.debian.org/889839 for details on
the no-dsa argument.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -193,6 +193,8 @@ CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig funct
 CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init]
 	RESERVED
 	- libvirt <unfixed> (bug #889839)
+	[stretch] - libvirt <no-dsa> (Minor issue)
+	[jessie] - libvirt <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=759b4d1b0fe5f4d84d98b99153dfa7ac289dd167
 CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the Binary File ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeb65f90bb6f90220ef326ed975b3c8baf0a4e7

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeb65f90bb6f90220ef326ed975b3c8baf0a4e7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180208/1735b7ca/attachment-0001.html>

More information about the Secure-testing-commits mailing list