[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add references for CVE-2017-3144, CVE-2018-5732 and CVE-2018-5733

Thu Mar 1 14:09:33 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05c7c54f by Salvatore Bonaccorso at 2018-03-01T15:07:23+01:00
Add references for CVE-2017-3144, CVE-2018-5732 and CVE-2018-5733

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5353,10 +5353,14 @@ CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd]
 	RESERVED
 	- isc-dhcp <unfixed> (bug #891785)
 	NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
+	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
+	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
 CVE-2018-5732 [A specially constructed response from a malicious server can cause a buffer overflow in dhclient]
 	RESERVED
 	- isc-dhcp <unfixed> (bug #891786)
 	NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
+	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
+	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
 CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...)
 	- curl 7.58.0-1
 	[stretch] - curl 7.52.1-5+deb9u4
@@ -63280,6 +63284,7 @@ CVE-2017-3144 [dhcp: omapi code doesn't free socket descriptors when empty messa
 	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
 	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
+	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
 CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates]
 	RESERVED
 	{DSA-3904-1 DLA-1025-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05c7c54fda3f1cae57d2134b3d11aaa447258b30

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05c7c54fda3f1cae57d2134b3d11aaa447258b30
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180301/dad39c11/attachment-0001.html>
