[Git][security-tracker-team/security-tracker][master] 5 commits: Add and take network-manager-vpnc

Salvatore Bonaccorso carnil at debian.org
Sun Jul 22 13:02:08 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f22ec648 by Salvatore Bonaccorso at 2018-07-22T13:54:34+02:00
Add and take network-manager-vpnc

- - - - -
b439e6e5 by Salvatore Bonaccorso at 2018-07-22T13:54:34+02:00
Remove CVE-2017-14136 reference

Reason: the opencv update never contained the incomplete fix for
CVE-2017-12597 alone in a released version. As such the jessie version
as well never got affected by CVE-2017-14136.

- - - - -
4cbd2f2f by Salvatore Bonaccorso at 2018-07-22T13:54:35+02:00
Add bug reference for CVE-2018-10900/network-manager-vpnc

- - - - -
05cd9f24 by Salvatore Bonaccorso at 2018-07-22T13:54:36+02:00
Reference full commit for CVE-2018-10900

- - - - -
8469ec59 by Salvatore Bonaccorso at 2018-07-22T13:57:57+02:00
libsixel: Add upstream commit and reference to the backtrace comment

Add back the specific reference to comment, which links directly to the
backtrace in the upstream issue. In issue/67 two issues are handled.

CVE-2018-14072 is for https://github.com/saitoha/libsixel/issues/67#issue-341198610

CVE-2018-14073 is for https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926

Both are addressed by upstream in https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1038,11 +1038,13 @@ CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in alloc
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <postponed> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
+	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
+
 CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, ...)
 	- libsixel <unfixed> (low; bug #903858)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <postponed> (Minor issue)
-	NOTE: https://github.com/saitoha/libsixel/issues/67
+	NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
 	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has insufficient ...)
 	NOT-FOR-US: Geo Mashup plugin for WordPress
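Review bot: The added empty line after the new commit NOTE under CVE-2018-14073 looks unintended. The other entries in this hunk follow each other with no separator (CVE-2018-14071 starts directly after the last NOTE of CVE-2018-14072), so the blank line should be dropped to keep the list format uniform for anything that parses it. The anchor changes themselves are good: with #issue-341198610 on CVE-2018-14072 and #issuecomment-404989926 on CVE-2018-14073, each entry now points at its own report, and both carry the same fixing commit.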
@@ -8980,9 +8982,9 @@ CVE-2018-10901
 	RESERVED
 CVE-2018-10900 [local privilege escalation]
 	RESERVED
-	- network-manager-vpnc <unfixed>
+	- network-manager-vpnc <unfixed> (bug #904255)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
-	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
+	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
 CVE-2018-10899
 	RESERVED
 CVE-2018-10898
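Review bot: The oss-security NOTE under CVE-2018-10900 is still an http:// link while every other NOTE touched here is https://, so it is worth switching while this entry is being edited. Expanding the abbreviated 07ac18a32b4 to the full 40-character commit id is the right call, since a short prefix can become ambiguous as the upstream repository grows. The bug reference is added without a severity, unlike the libsixel lines in the same file that read "(low; bug #903858)"; if that is deliberate because triage is pending, no change is needed.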


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,5 +1,5 @@
 [22 Jul 2018] DLA-1438-1 opencv - security update
-	{CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269}
+	{CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269}
 	[jessie] - opencv 2.4.9.1+dfsg-1+deb8u2
 [21 Jul 2018] DLA-1437-1 slurm-llnl - security update
 	{CVE-2018-7033 CVE-2018-10995}
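Review bot: Dropping CVE-2017-14136 from the DLA-1438-1 set has no matching change to the CVE-2017-14136 entry in the data/CVE/list hunks shown here. The rationale (the incomplete fix for CVE-2017-12597 never shipped alone in a released version) currently lives only in the commit message, so please confirm the CVE entry marks jessie as not affected and add a NOTE there with that reason, so the tracker data explains the status without needing the git history.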


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -60,6 +60,8 @@ mutt (carnil)
   We will wait first for upload to unstable, and watch for regression reports
   Non-urgent need for an update.
 --
+network-manager-vpnc (carnil)
+--
 openjdk-8 (jmm)
 --
 openjfx
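Review bot: The new network-manager-vpnc (carnil) entry has no comment lines, while the mutt entry just above documents its state ("Non-urgent need for an update."). Since data/CVE/list tags CVE-2018-10900 as a local privilege escalation with an upstream fix commit already referenced, a one-line note on the planned update or its urgency would help others reading dsa-needed.txt.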



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b9e66bd209835758545ab8e8954b735292648c2d...8469ec5959e934d28e88d1fc86de4322986aab55
