[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 8 commits: follow security team for CVE-2018-8740

Thorsten Alteholz alteholz at debian.org
Sun Mar 18 19:10:59 UTC 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88a974b1 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
follow security team for CVE-2018-8740

- - - - -
d787b6a5 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
wheezy not affected

- - - - -
73881b58 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added web2py

- - - - -
d1d9a180 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added squirrelmail

- - - - -
08cc291f by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added squirrelmail

- - - - -
93e34de0 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added sharutils

- - - - -
8f82eaa1 by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added cups

- - - - -
53dafd4d by Thorsten Alteholz at 2018-03-18T20:10:53+01:00
added libpodofo

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -81,6 +81,7 @@ CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted usi
 	- sqlite3 3.22.0-2 (bug #893195)
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
+	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
 	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
@@ -19829,6 +19830,7 @@ CVE-2018-1324 (A specially crafted ZIP archive can be used to cause an infinite 
 	- libcommons-compress-java <unfixed> (bug #893174)
 	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
 	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
+	[wheezy] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java;h=acc3b22346b49845e85b5ef27a5814b69e834139;hp=0feb9c98cc622cde1defa3bbd268ef82b4ae5c18;hb=2a2f1dc48e22a34ddb72321a4db211da91aa933b;hpb=dcb0486fb4cb2b6592c04d6ec2edbd3f690df5f2
 	NOTE: https://issues.apache.org/jira/browse/COMPRESS-432
 CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector ...)
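Review bot: The added [wheezy] line for libcommons-compress-java gives "Vulnerable code introduced later" as its only justification, copied from the [jessie] line, without naming the upstream version or commit that introduced the code. A NOTE recording that version would let a later reader check the not-affected status against the wheezy package version instead of relying on the tag alone.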


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -15,6 +15,9 @@ adminer (Chris Lamb)
   NOTE: 20181603: No patch/upstream info for CVE-2018-7667 yet. (lamby)
   NOTE: 20181803: Still patch/upstream info for CVE-2018-7667. (lamby)
 --
+cups
+  NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent
+--
 curl (Santiago R.R.)
 --
 dovecot (Thorsten Alteholz)
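Review bot: The new cups entry says "not clear whether patch is fine" but names neither the CVE nor the patch in doubt, so whoever picks the package up cannot tell what still needs to be checked. Put the CVE id and a link to the patch under question into the NOTE.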
@@ -67,6 +70,10 @@ libgcrypt11
 --
 libmad (Kurt Roeckx)
 --
+libpodofo
+  NOTE: maybe a dupe
+  NOTE: 20180318: no patch available yet, so no email to maintainer sent
+--
 libreoffice
 --
 libvorbis
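Review bot: In the libpodofo entry, "NOTE: maybe a dupe" carries no date prefix and does not say what it might duplicate, unlike the dated note directly beneath it. Name the suspected duplicate (CVE id or existing entry) and prefix the note with 20180318 so it can be resolved or dropped later.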
@@ -116,6 +123,12 @@ rubygems
 --
 samba (Holger Levsen)
 --
+sharutils
+  NOTE: 20180318: no patch available yet, so no email to maintainer sent
+--
+squirrelmail
+  NOTE: 20180318: no patch available yet, so no email to maintainer sent
+--
 tiff (Hugo Lefeuvre)
   NOTE: incomplete fix of CVE-2017-18013, see CVE-2018-7456.
 --
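Review bot: The commit list carries two separate commits titled "added squirrelmail" (d1d9a180 and 08cc291f), yet this hunk ends up with a single squirrelmail entry. If the second commit corrected the first, squash them or give it a message that says what changed, since the two identical titles do not show what each commit did.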
@@ -123,6 +136,9 @@ tiff3
 --
 uwsgi (Abhijith PA)
 --
+web2py
+  NOTE: 20180318: no patch available yet, so no email to maintainer sent
+--
 wireshark (Thorsten Alteholz)
 --
 wordpress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8098b86da9f160314a2113502a2e6e397a8a9639...53dafd4d2a9ec4fee18b62ef08a018149fbf6414
