[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa from busybox issues. They will be fixed in a future DLA.

Markus Koschany apo at debian.org
Sat Jul 14 20:13:43 BST 2018


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd39be8f by Markus Koschany at 2018-07-14T21:11:32+02:00
Remove no-dsa from busybox issues. They will be fixed in a future DLA.

- - - - -
9708c7d8 by Markus Koschany at 2018-07-14T21:13:25+02:00
Update status of busybox in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -40260,7 +40260,6 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.
 CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...)
 	- busybox 1:1.27.2-2 (bug #882258)
 	[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
-	[jessie] - busybox <no-dsa> (Minor issue, can be fixed via point release)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
 	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
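Review bot: With the "[jessie]" line removed, the CVE-2017-16544 entry no longer records anything for jessie, and the intent ("will be fixed in a future DLA") is stated only in the commit message. Once the upload is done, add a "[jessie] - busybox <fixed version>" line here and in the other entries touched by this commit, so the fix is recorded per release.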
@@ -42334,7 +42333,6 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an
 CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2.c ...)
 	- busybox 1:1.27.2-2 (bug #879732)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
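Review bot: The hunk header shows CVE-2017-15874 (decompress_unlzma.c) directly above this entry, and this commit does not touch it. If the planned DLA is meant to cover the archive decompression issues together, check that the jessie status of CVE-2017-15874 is what you intend; if jessie is not affected, no change is needed.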
@@ -113207,13 +113205,11 @@ CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated user
 CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox ...)
 	- busybox 1:1.27.2-1 (bug #818497)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
 CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...)
 	- busybox 1:1.27.2-1 (bug #818499)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
 CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does ...)
@@ -122219,7 +122215,6 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti
 CVE-2015-XXXX [busybox: pointer misuse unziping files]
 	- busybox 1:1.27.2-1 (bug #803097)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox 1:1.17.1-8+deb6u11
 	NOTE: workaround entry for DLA-337-1 until/if CVE assigned
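Review bot: CVE-2015-XXXX is still a placeholder, and its NOTE reads "workaround entry for DLA-337-1 until/if CVE assigned". Before the jessie upload, check whether an identifier has been assigned since, because otherwise the advisory and changelog can only refer to this issue by bug #803097.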
@@ -129203,7 +129198,6 @@ CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password o
 CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
 	- busybox 1:1.27.2-1 (bug #802702)
 	[stretch] - busybox <no-dsa> (Minor issue)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)
 CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...)
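Review bot: The CVE-2011-5325 entry has no NOTE line pointing at a fix, unlike the other busybox entries in this commit, which link an upstream commit or bug. Since jessie is now going to be patched, add a NOTE with the patch reference used for the backport so the tar directory traversal fix can be checked later.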
@@ -141670,7 +141664,6 @@ CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local use
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
 CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...)
 	- busybox 1:1.22.0-15 (low; bug #776186)
-	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
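Review bot: The unstable fixed version for CVE-2014-9645 is 1:1.22.0-15, much older than the 1:1.27.2-x versions in the other entries. Dropping the "[jessie] - busybox <no-dsa>" line only makes the issue show as open if the jessie package is below 1:1.22.0-15, so confirm that against the jessie version before relying on the tracker to list it for the DLA.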


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,6 +17,8 @@ ansible (Abhijith PA)
 bouncycastle
 --
 busybox (Markus Koschany)
+  NOTE: Update is ready and will be uploaded at the end of July when my updated
+  NOTE: GPG key has been pushed to the keyring.
 --
 enigmail
   NOTE: 20180603: Commits between https://sourceforge.net/p/enigmail/source/ci/f6c111 (abhijith)
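Review bot: The two added NOTE lines carry no date, while the enigmail NOTE just below uses a "20180603:" prefix, and "at the end of July" is relative to when the note was written. Prefix the note with the date so other contributors can tell how stale it is, for example "NOTE: 20180714: Update is ready ...".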



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c4a9edfd0cdcf90f5f57eae8da1f70aed90e3dee...9708c7d86ccb86990654149755396fa3013ce4df
