[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7642, CVE-2018-7643…

Chris Lamb lamby at debian.org
Mon Mar 5 08:48:55 UTC 2018


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c685187c by Chris Lamb at 2018-03-05T08:44:34+00:00
Triage CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7642, CVE-2018-7643 (binutils) for wheezy, following stretch and jessie.

- - - - -
b3c58638 by Chris Lamb at 2018-03-05T08:46:10+00:00
Triage clamav for LTS

- - - - -
d11dceb9 by Chris Lamb at 2018-03-05T08:48:43+00:00
Triage mingw-w64 for LTS

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -64,12 +64,14 @@ CVE-2018-7643 (The display_debug_ranges function in dwarf.c in GNU Binutils 2.30
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
+	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22905
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11ae95ea3403559f052903ab053f43ad7821e37
 CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
+	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
 CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
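Review bot: the two added "[wheezy] - binutils <ignored> (Minor issue)" lines (under CVE-2018-7643 and CVE-2018-7642) copy the stretch and jessie status verbatim, but the CVE-2018-7643 description names GNU Binutils 2.30 and nothing in either entry records that the affected function was checked against the wheezy source. If the code is absent there, "<not-affected> (Vulnerable code not present)" is the more accurate status; if it is present, a NOTE line saying so would make the triage verifiable.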
@@ -261,18 +263,21 @@ CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
+	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22881
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
 CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
+	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
 CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
 	[jessie] - binutils <ignored> (Minor issue)
+	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
 CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kernel ...)
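Review bot: the three added [wheezy] lines (CVE-2018-7570, CVE-2018-7569, CVE-2018-7568) reuse the bare "(Minor issue)" reason even though each entry's NOTE lines already link an upstream fix commit. A short wheezy-specific reason in the parentheses, or a NOTE explaining why the linked fix is not being backported, would let a later reader distinguish a deliberate decision from a copied one.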


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,6 +10,8 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+clamav
+--
 dovecot (Thorsten Alteholz)
   NOTE: after applying the patch, login segfaults
   NOTE: maintainer and security team are looking into this
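Review bot: the added "clamav" entry has no NOTE line, unlike the dovecot entry directly below it, and the commit message ("Triage clamav for LTS") does not name the issues either. Consider adding a NOTE with the CVE ids that prompted the entry so whoever claims the package does not have to repeat the triage.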
@@ -74,6 +76,8 @@ ming (Hugo Lefeuvre)
   NOTE: 20180118: wip, currently working on it with upstream, might take a while
   NOTE: Some issues currently in upstream's bug tracker are missing a CVE number, so number of issues might increase in the next weeks
 --
+mingw-w64
+--
 mupdf (Hugo Lefeuvre)
 --
 opencv (Thorsten Alteholz)
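Review bot: the added "mingw-w64" entry cannot be traced to any issue from this push, since the data/CVE/list changes shown here only touch binutils entries. A NOTE under "mingw-w64" pointing at the relevant CVE entries would document why the package needs a DLA.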



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eca081c0373af7bb9852b2936dbefcceffde554...d11dceb9ec2cdee4af2e234c368717df5e7ea51e
