[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Triage radare2 for Wheezy.

Markus Koschany apo at debian.org
Sat Mar 24 22:42:51 UTC 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c3eb811 by Markus Koschany at 2018-03-24T23:40:43+01:00
Triage radare2 for Wheezy.

CVE-2018-8808 most like does not affect Wheezy, the code is different but I
cannot verify it at the moment hence I am going to mark it as no-dsa for now.

CVE-2018-8809: very similar to CVE-2018-8808. Code is quite different.

CVE-2018-8810: not-affected, vulnerable code is not present.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -390,12 +390,15 @@ CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: OpenCMS
 CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
 	- radare2 <unfixed>
+	[wheezy] - radare2 <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/radare/radare2/issues/9727
 CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
 	- radare2 <unfixed>
+	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
 	NOTE: https://github.com/radare/radare2/issues/9726
 CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
 	- radare2 <unfixed>
+	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
 	NOTE: https://github.com/radare/radare2/issues/9725
 CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function ...)
 	- ming <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c3eb811575e18b2ffbedb0585f9ae13c973feb0

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c3eb811575e18b2ffbedb0585f9ae13c973feb0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180324/c5f90e29/attachment.html>

More information about the Secure-testing-commits mailing list