[Git][security-tracker-team/security-tracker][master] Track libextractor and ncurses fixes included in 8.11
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 23 10:18:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc5f86de by Salvatore Bonaccorso at 2018-06-23T11:18:02+02:00
Track libextractor and ncurses fixes included in 8.11
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31381,7 +31381,7 @@ CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in t
CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial of ...)
- libextractor 1:1.6-2 (bug #883528)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
[wheezy] - libextractor <no-dsa> (Minor issue)
NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...)
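Review bot: on the new `[jessie] - libextractor 1:1.3-2+deb8u1` line for CVE-2017-17440, nothing in the entry itself records that the fix arrived through the 8.11 point release; that is stated only in the commit subject. Replacing `<no-dsa> (Minor issue)` with a bare version also drops the triage rationale, and the entry as shown carries no advisory tag. A short NOTE naming the point release would keep the provenance readable from data/CVE/list alone.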
@@ -35473,7 +35473,7 @@ CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...)
- ncurses 6.0+20171125-1 (bug #882620)
[stretch] - ncurses 6.0+20161126-1+deb9u2
- [jessie] - ncurses <no-dsa> (Minor issue)
+ [jessie] - ncurses 5.9+20140913-1+deb8u3
[wheezy] - ncurses <ignored> (Minor issue)
NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
@@ -38719,7 +38719,7 @@ CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the .
{DLA-1198-1}
- libextractor 1:1.6-2 (low; bug #880016)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro ...)
@@ -39506,21 +39506,21 @@ CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error fo
{DLA-1198-1}
- libextractor 1:1.6-1 (low)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...)
{DLA-1198-1}
- libextractor 1:1.6-1 (low)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...)
{DLA-1198-1}
- libextractor 1:1.6-1 (low)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
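Review bot: style nit on the unchanged NOTE lines under CVE-2017-15602, CVE-2017-15601 and CVE-2017-15600: they read `NOTE: Fixed by https://...`, while the CVE-2017-17440 and CVE-2017-15922 entries touched by this same commit use `NOTE: Fixed by: https://...` with a colon. Since these entries are being edited anyway, normalising to one form would make the upstream fix references easier to grep for.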
@@ -40527,7 +40527,7 @@ CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in
{DLA-1198-1}
- libextractor 1:1.6-1 (bug #878314)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
@@ -40536,7 +40536,7 @@ CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
{DLA-1198-1}
- libextractor 1:1.6-1 (bug #878314)
[stretch] - libextractor <no-dsa> (Minor issue)
- [jessie] - libextractor <no-dsa> (Minor issue)
+ [jessie] - libextractor 1:1.3-2+deb8u1
NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,19 +1,3 @@
-CVE-2017-16879
- [jessie] - ncurses 5.9+20140913-1+deb8u3
-CVE-2017-17440
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15266
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15267
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15600
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15601
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15602
- [jessie] - libextractor 1:1.3-2+deb8u1
-CVE-2017-15922
- [jessie] - libextractor 1:1.3-2+deb8u1
CVE-2017-5715
[jessie] - nvidia-graphics-drivers 340.106-1
CVE-2017-5753
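Review bot: the sixteen removed lines in data/next-oldstable-point-update.txt are only safe to drop if every CVE/version pair reappears as a fixed `[jessie]` line in data/CVE/list, so that cross-check is worth doing explicitly. Against the hunks above it holds: CVE-2017-16879 maps to ncurses 5.9+20140913-1+deb8u3, and the seven libextractor CVEs (CVE-2017-17440, -15266, -15267, -15600, -15601, -15602, -15922) all map to 1:1.3-2+deb8u1, giving eight matching pairs. The nvidia-graphics-drivers 340.106-1 entry under CVE-2017-5715 stays in the pending file; the commit message covers only libextractor and ncurses, so it would help to say whether that entry is still awaited.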
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc5f86de5372f1edbd9f2a2376c75f3c49a502ff