[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Wrap long comment

Tue Jan 16 06:17:37 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62f22e31 by Salvatore Bonaccorso at 2018-01-16T06:10:41+01:00
Wrap long comment

- - - - -
d3bc85a9 by Salvatore Bonaccorso at 2018-01-16T07:17:14+01:00
Add CVE-2017-3144/isc-dhcp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41,7 +41,8 @@ CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and applicati
 	- graphicsmagick 1.3.27-4 (bug #887158)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
-	NOTE: Before 1.3.27, the problem only affects 32-bit architectures (i.e., 4-byte long) it expanded to 64-bit architectures with upstream commit be5e89e6032d
+	NOTE: Before 1.3.27, the problem only affects 32-bit architectures (i.e., 4-byte long) it
+	NOTE: expanded to 64-bit architectures with upstream commit be5e89e6032d
 CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...)
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
@@ -57078,8 +57079,11 @@ CVE-2017-3146
 	RESERVED
 CVE-2017-3145
 	RESERVED
-CVE-2017-3144
+CVE-2017-3144 [dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service]
 	RESERVED
+	- isc-dhcp <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
+	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
 CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates]
 	RESERVED
 	{DSA-3904-1 DLA-1025-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6e42cd16f5636613aa1e1a0fda3185de0e8ab53b...d3bc85a9dccb6327aa4dcbfecb26c31cb4805b01

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6e42cd16f5636613aa1e1a0fda3185de0e8ab53b...d3bc85a9dccb6327aa4dcbfecb26c31cb4805b01
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180116/1b9ca6ca/attachment.html>
