[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: follow security with no-dsa for isc-dhcp
Thorsten Alteholz
alteholz at debian.org
Thu Jan 25 10:18:00 UTC 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
15c8e95c by Thorsten Alteholz at 2018-01-25T11:13:11+01:00
follow security with no-dsa for isc-dhcp
- - - - -
d0025168 by Thorsten Alteholz at 2018-01-25T11:13:47+01:00
no-dsa for isc-dhcp
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -58905,6 +58905,7 @@ CVE-2017-3144 [dhcp: omapi code doesn't free socket descriptors when empty messa
- isc-dhcp <unfixed> (bug #887413)
[stretch] - isc-dhcp <no-dsa> (Minor issue)
[jessie] - isc-dhcp <no-dsa> (Minor issue)
+ [wheezy] - isc-dhcp <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates]
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -20,8 +20,6 @@ icu
--
irssi (Emilio Pozuelo)
--
-isc-dhcp (Thorsten Alteholz)
---
lame (Hugo Lefeuvre)
NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46}
NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and submitted a patch draft for Jessie.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c5e428fbc9fd0db0cc94358a9be87b5001f51f63...d0025168fac79aa3806dc83da486f4e4fbb2de84
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c5e428fbc9fd0db0cc94358a9be87b5001f51f63...d0025168fac79aa3806dc83da486f4e4fbb2de84
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180125/ab921536/attachment.html>
More information about the Secure-testing-commits
mailing list