[Git][security-tracker-team/security-tracker][master] 2 commits: lrzip no-dsa

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e80b9736 by Moritz Muehlenhoff at 2018-06-03T19:39:43+02:00
lrzip no-dsa

- - - - -
76e6a7bc by Moritz Muehlenhoff at 2018-06-03T19:51:50+02:00
two tiff issues resolved by dropping the affected tool a while back
derby no-dsa
epiphany unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -448,6 +448,8 @@ CVE-2018-11497
 	RESERVED
 CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in ...)
 	- lrzip 0.631+git180528-1
+	[stretch] - lrzip <no-dsa> (Minor issue)
+	[jessie] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/96
 	NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd
 	NOTE: https://github.com/ckolivas/lrzip/commit/a81248e47d276cf59b8c7e22558e2b5035e87b33
@@ -677,8 +679,9 @@ CVE-2018-11398
 CVE-2018-11397
 	RESERVED
 CVE-2018-11396 (ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through ...)
-	- epiphany-browser 3.28.2.1-1 (bug #899409)
+	- epiphany-browser 3.28.2.1-1 (unimportant; bug #899409)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795740
+	NOTE: webkit not covered by security support
 CVE-2018-11395
 	RESERVED
 CVE-2018-11394
@@ -2186,9 +2189,13 @@ CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Log
 CVE-2018-10802
 	RESERVED
 CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as ...)
-	- tiff <unfixed>
+	- tiff 4.0.6-3
+	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2790
+	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
+	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although
+	NOTE: technically still present in the source package
 CVE-2018-10800
 	RESERVED
 CVE-2018-10799 (A hang issue was discovered in Brave before 0.14.0 (on, for example, ...)
@@ -2240,9 +2247,13 @@ CVE-2018-10780 (Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-ba
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575201
 	TODO: check, there is same function in byteSwap2 in earlier versions than 0.26
 CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based ...)
-	- tiff <unfixed> (bug #898359)
+	- tiff 4.0.6-3
+	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2788
+	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
+	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although
+	NOTE: technically still present in the source package
 CVE-2018-10778 (Read access violation in the III_dequantize_sample function in ...)
 	- mp3gain <removed>
 	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
@@ -28254,6 +28265,8 @@ CVE-2018-1314
 	RESERVED
 CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network ...)
 	- derby 10.14.2.0-1
+	[jessie] - derby <no-dsa> (Minor issue)
+	[stretch] - derby <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
 CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest ...)
 	{DSA-4164-1 DLA-1389-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/41f8555ca4030de1da2433c1e6f32f781db54c5a...76e6a7bcb1f91b2412c90ec7a715bd59704f0273

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/41f8555ca4030de1da2433c1e6f32f781db54c5a...76e6a7bcb1f91b2412c90ec7a715bd59704f0273
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180603/ab38ce91/attachment.html>