[Git][security-tracker-team/security-tracker][master] 2 commits: Wrap one linger note for readability

Salvatore Bonaccorso carnil at debian.org
Thu Jul 5 20:21:37 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9b7654d by Salvatore Bonaccorso at 2018-07-05T20:41:41+02:00
Wrap one linger note for readability

- - - - -
dd6b5597 by Salvatore Bonaccorso at 2018-07-05T21:21:04+02:00
Track proposed git-annex update vie stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3070,8 +3070,10 @@ CVE-2018-XXXX [OVE-20180430-0002: mpatch: protect against underflow in mpatch_ap
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
-	NOTE: there are actually 6 more patches required to completely fix bug #901050, see https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
-	NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior cases which the 6 patches fix
+	NOTE: there are actually 6 more patches required to completely fix bug #901050,
+	NOTE: see https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
+	NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior
+	NOTE: cases which the 6 patches fix
 CVE-2018-XXXX [OVE-20180430-0001: mpatch: be more careful about parsing binary patch data]
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29


=====================================
data/next-point-update.txt
=====================================
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -155,3 +155,7 @@ CVE-2018-11506
 	[stretch] - linux 4.9.110-1
 CVE-2018-12233
 	[stretch] - linux 4.9.110-1
+CVE-2018-10857
+	[stretch] - git-annex 6.20170101-1+deb9u2
+CVE-2018-10859
+	[stretch] - git-annex 6.20170101-1+deb9u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/379c2521d412e6d3b94701b58fb8fde6b57db14c...dd6b5597356b0686b981248df18cd4455b17e8d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/379c2521d412e6d3b94701b58fb8fde6b57db14c...dd6b5597356b0686b981248df18cd4455b17e8d0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180705/ce1c339a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list