[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-18189, sox: Issue in Wheezy was fixed by DLA-1197-1

Markus Koschany apo at debian.org
Sat Feb 17 19:35:27 UTC 2018


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc7cf2ea by Markus Koschany at 2018-02-17T20:33:46+01:00
CVE-2017-18189,sox: Issue in Wheezy was fixed by DLA-1197-1

This issue was already fixed with DLA-1197-1. See
0012-xa-validate-channel-count.patch

- - - - -
a880765c by Markus Koschany at 2018-02-17T20:35:03+01:00
Remove sox from dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -332,6 +332,7 @@ CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.
 	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
 	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
 CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) through ...)
+	{DLA-1197-1}
 	- sox 14.4.2-2 (bug #881121)
 	[stretch] - sox <no-dsa> (Minor issue)
 	[jessie] - sox <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -78,9 +78,6 @@ openjdk-7 (Emilio Pozuelo)
 --
 polarssl
 --
-sox (Markus Koschany)
-  NOTE: marked no-dsa/minor in stable. if worth an upload, consider also uploading to jessie/stretch as well since version numbers are very close
---
 suricata (Santiago R.R.)
   NOTE: Hard to tell whether the package is vulnerable. DetectFlow in detect.c
   NOTE: does not exist. Code seems to be in SigMatchSignatures instead.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d2718c8de263b66cbffc4326847841daf8604cf7...a880765c7f092b70416f67c97b43af1919f5802b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d2718c8de263b66cbffc4326847841daf8604cf7...a880765c7f092b70416f67c97b43af1919f5802b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180217/15d5ad88/attachment-0001.html>


More information about the Secure-testing-commits mailing list