[Git][security-tracker-team/security-tracker][master] faad2, ghostscript, file, blktrace fixes included in 8.11
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 23 10:36:05 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6958d3a by Salvatore Bonaccorso at 2018-06-23T11:35:24+02:00
faad2, ghostscript, file, blktrace fixes included in 8.11
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5150,7 +5150,7 @@ CVE-2018-10690
CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel ...)
- blktrace 1.2.0-1 (low; bug #897695)
[stretch] - blktrace <no-dsa> (Minor issue)
- [jessie] - blktrace <no-dsa> (Minor issue)
+ [jessie] - blktrace 1.0.5-1+deb8u1
[wheezy] - blktrace <no-dsa> (Minor issue)
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
NOTE: https://www.spinics.net/lists/linux-btrace/msg00847.html
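Review bot: at CVE-2018-10689 the stretch line stays "<no-dsa> (Minor issue)" with no sign that a point-update fix is planned, while the older jessie release now carries the fixed version 1.0.5-1+deb8u1. If a stretch upload is queued, annotate the stretch line the way the file entry for CVE-2018-10360 does ("will be fixed via pu"), so readers of the tracker can tell whether stable is expected to catch up with oldstable.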
@@ -5979,7 +5979,7 @@ CVE-2018-10363 (An issue was discovered in the WpDevArt "Booking calendar,
CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 5.33 ...)
- file 1:5.33-3 (bug #901351)
[stretch] - file <no-dsa> (Minor issue; will be fixed via pu)
- [jessie] - file <no-dsa> (Minor issue; will be fixed via pu)
+ [jessie] - file 1:5.22+15-2+deb8u4
NOTE: https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
CVE-2018-10359 (A pool corruption privilege escalation vulnerability in Trend Micro ...)
NOT-FOR-US: Trend Micro
@@ -6366,7 +6366,7 @@ CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in t
{DLA-1363-1}
- ghostscript 9.22~dfsg-2.1 (bug #896069)
[stretch] - ghostscript <no-dsa> (Minor issue)
- [jessie] - ghostscript <no-dsa> (Minor issue)
+ [jessie] - ghostscript 9.06~dfsg-2+deb8u7
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer ...)
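Review bot: the second NOTE under CVE-2018-10194 still carries "(not yet public)" for bugs.ghostscript.com id=699255, and this change touches the entry without revisiting it. Since the jessie fix is now recorded as shipped in 9.06~dfsg-2+deb8u7, check whether the upstream bug has been opened and drop the annotation if so; stale access notes make triagers skip links that would be useful.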
@@ -58792,27 +58792,27 @@ CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freewar
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch ...)
- openvswitch 2.6.1+git20161123-1
[jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
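Review bot: CVE-2017-9255 is marked fixed in jessie with faad2 2.7-8+deb8u1 here, but the entries removed from data/next-oldstable-point-update.txt in this same commit list CVE-2017-9253, -9254, -9256 and -9257 and skip -9255. Either the pending list had omitted it or this line was changed by pattern along with its neighbours. Confirm against the 2.7-8+deb8u1 changelog that the mp4ff_read_stsc fix is in the upload before recording jessie as fixed.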
@@ -58935,32 +58935,32 @@ CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freewar
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
{DLA-1077-1}
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
- [jessie] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u1
CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
[experimental] - systemd 233-8
- systemd 232-24 (bug #863277)
@@ -64737,7 +64737,7 @@ CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
- ghostscript 9.22~dfsg-2.1 (bug #860869)
[stretch] - ghostscript <no-dsa> (Minor issue)
- [jessie] - ghostscript <no-dsa> (Minor issue)
+ [jessie] - ghostscript 9.06~dfsg-2+deb8u7
[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
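Review bot: the wheezy line under CVE-2016-10317 still says "to re-evaluate once the upstream fix is known", yet the NOTE two lines below links an upstream ghostpdl commit and jessie now has a fixed version. The wheezy annotation looks stale; either re-evaluate it against that commit or reword the reason so it no longer contradicts the rest of the entry.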
=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,33 +1,5 @@
-CVE-2017-9218
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9219
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9220
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9221
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9222
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9223
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9253
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9254
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9256
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9257
- [jessie] - faad2 2.7-8+deb8u1
-CVE-2018-10194
- [jessie] - ghostscript 9.06~dfsg-2+deb8u7
-CVE-2016-10317
- [jessie] - ghostscript 9.06~dfsg-2+deb8u7
-CVE-2018-10689
- [jessie] - blktrace 1.0.5-1+deb8u1
CVE-2017-5715
[jessie] - intel-microcode 3.20180425.1~deb8u1
-CVE-2018-10360
- [jessie] - file 1:5.22+15-2+deb8u4
CVE-2017-9872
[jessie] - lame 3.99.5+repack1-7+deb8u2
CVE-2017-9871
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6958d3aabc7a70e6bcce6d8d946da2a6be0c1eb