[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-6767 doe not affect wheezy and jessie
Thorsten Alteholz
alteholz at debian.org
Sat Feb 17 22:15:33 UTC 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
675068a2 by Thorsten Alteholz at 2018-02-17T23:17:55+01:00
CVE-2018-6767 doe not affect wheezy and jessie
- - - - -
dacf736a by Thorsten Alteholz at 2018-02-17T23:18:14+01:00
wavpack done
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1055,6 +1055,8 @@ CVE-2018-6760
RESERVED
CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function of ...)
- wavpack <unfixed> (bug #889276)
+ [jessie] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
+ [wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
NOTE: https://github.com/dbry/WavPack/issues/27
NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init]
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -84,7 +84,5 @@ suricata (Santiago R.R.)
NOTE: StreamTcpInlineDropInvalid function does not exist at all. Perhaps contact
NOTE: upstream and ask for a clarification?
--
-wavpack (Thorsten Alteholz)
---
wordpress
NOTE: 20180217: Upstream unsure how to fix at the moment (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f903687de074ebed8e251080242e28b35afde918...dacf736a3c881ff84217a53d6a7d865cacf414e1
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f903687de074ebed8e251080242e28b35afde918...dacf736a3c881ff84217a53d6a7d865cacf414e1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180217/840d2b58/attachment.html>
More information about the Secure-testing-commits
mailing list