[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-9274/osc no-dsa in wheezy
Emilio Pozuelo Monfort
pochu at debian.org
Thu Jan 18 23:00:08 UTC 2018
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1a0ecb4 by Emilio Pozuelo Monfort at 2018-01-18T23:55:46+01:00
CVE-2017-9274/osc no-dsa in wheezy
- - - - -
7856e15c by Emilio Pozuelo Monfort at 2018-01-18T23:59:37+01:00
mupdf no-dsa in wheezy
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -237,6 +237,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
- mupdf <unfixed> (bug #887130)
[stretch] - mupdf <no-dsa> (Minor issue)
[jessie] - mupdf <no-dsa> (Minor issue)
+ [wheezy] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider
NOTE: EOF.
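Review bot: the added `[wheezy] - mupdf <no-dsa> (Minor issue)` line for CVE-2018-5686 does not show that wheezy's mupdf was checked for the affected code. The NOTE places the bug in pdf_parse_array in source/pdf/pdf-parse.c, while the dla-needed.txt note removed in this same push says the LTS version might need changes to apps/pdfclean.c rather than pdf-write.c, so the source layout there appears to differ. If the looping code is not present in the wheezy version, `<not-affected>` with a reason would be more accurate than `<no-dsa>`. If it is present, a short NOTE saying so would help.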
@@ -5242,6 +5243,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certai
- mupdf <unfixed> (bug #885120)
[stretch] - mupdf <no-dsa> (Minor issue)
[jessie] - mupdf <no-dsa> (Minor issue)
+ [wheezy] - mupdf <no-dsa> (Minor issue)
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
CVE-2017-17865
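Review bot: the reason on the added `[wheezy]` line for CVE-2017-17866 is copied from the stretch and jessie lines, but the only wheezy-specific finding visible in this push is the dla-needed.txt note being deleted: "Upstream patch does not apply to LTS cleanly". Consider carrying that into this entry, either in the reason or as a NOTE next to the "Fixed by" line, so the backport obstacle stays recorded once the dla-needed.txt entry is gone.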
@@ -38068,6 +38070,7 @@ CVE-2017-9274 [osc executes spec code during "osc commit"]
- osc <unfixed> (bug #887391)
[stretch] - osc <no-dsa> (Minor issue)
[jessie] - osc <no-dsa> (Minor issue)
+ [wheezy] - osc <no-dsa> (Minor issue)
NOTE: Details in https://bugzilla.novell.com/show_bug.cgi?id=938556
NOTE: SUSE adressed the issue not only in the obs-service-source_validator
NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.:
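Review bot: `(Minor issue)` on the added `[wheezy]` line gives no rationale for an entry described as osc executing spec code during "osc commit". The NOTE lines say SUSE addressed this in obs-service-source_validator and with a validation in 0.162.0 when using OBS 2.9. If that is why no DLA is planned for wheezy, a more specific reason would make the triage decision easier to audit. The adjacent context line also has a typo, "adressed", that could be fixed in a follow-up commit.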
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -51,17 +51,12 @@ ming (Hugo Lefeuvre)
NOTE: 20180118: wip, currently working on it with upstream, might take a while
NOTE: Some issues currently in upstream's bug tracker are missing a CVE number, so number of issues might increase in the next weeks
--
-mupdf
- NOTE: 20171224: Upstream patch does not apply to LTS cleanly. Might need hanges to apps/pdfclean.c rather than pdf-write.c (lamby)
---
mysql-5.5 (Emilio Pozuelo)
--
opencv (Thorsten Alteholz)
--
openjdk-7 (Emilio Pozuelo)
--
-osc
---
php5 (Markus Koschany)
--
rsync (Chris Lamb)
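Review bot: dropping `mupdf` and `osc` from dla-needed.txt is only right if every open wheezy issue for both packages is now triaged, and this push shows `[wheezy]` tags for just CVE-2018-5686, CVE-2017-17866 and CVE-2017-9274. It is worth confirming in the tracker that no other mupdf or osc CVE is still open for wheezy before the entries disappear from the work list.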
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c6eafa28eca983bcf0d937e6775aa222ddbe12f4...7856e15c99189d3708584e0e14979ac072c049b5