[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add note for CVE-2018-7054
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 16 15:54:27 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c8f5f80 by Salvatore Bonaccorso at 2018-02-16T16:53:03+01:00
Add note for CVE-2018-7054
- - - - -
6a16572c by Salvatore Bonaccorso at 2018-02-16T16:53:56+01:00
Reorder entries for one CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -269,10 +269,12 @@ CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.
[jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
[wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
- NOTE: Some netsplit related changes as introduced in 1.0.0 were reverted:
+ NOTE: https://github.com/irssi/irssi/commit/e405330e04dc344797f00c12cf8fd7f63b17e0e4
+ NOTE: Some (additional) netsplit related changes as introduced in 1.0.0 were reverted:
NOTE: https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
NOTE: https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
+ NOTE: But the CVE is specifically for the use-after-free issue.
CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
- irssi <unfixed>
NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
@@ -493,8 +495,8 @@ CVE-2018-6955
RESERVED
CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...)
- systemd <unfixed>
- NOTE: https://github.com/systemd/systemd/issues/7986
[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
+ NOTE: https://github.com/systemd/systemd/issues/7986
CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain ...)
NOT-FOR-US: CCN-lite 2
CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patch ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/359c3a7a65318331ec2507fb547651299ea207a7...6a16572c839bfd1381617ea8d7e4fe186fcbcf5e
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/359c3a7a65318331ec2507fb547651299ea207a7...6a16572c839bfd1381617ea8d7e4fe186fcbcf5e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180216/f5b84825/attachment-0001.html>
More information about the Secure-testing-commits
mailing list