[Git][security-tracker-team/security-tracker][master] 5 commits: readd xen
Thorsten Alteholz
alteholz at debian.org
Wed May 2 14:09:12 BST 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a468868 by Thorsten Alteholz at 2018-05-02T15:03:18+02:00
readd xen
- - - - -
d9711f95 by Thorsten Alteholz at 2018-05-02T15:04:00+02:00
mark CVE-2017-6888 as no-dsa for Wheezy
- - - - -
57e86382 by Thorsten Alteholz at 2018-05-02T15:05:13+02:00
mark CVE-2018-10528 and CVE-2018-10529 as no-dsa for Wheezy
- - - - -
e4123547 by Thorsten Alteholz at 2018-05-02T15:05:57+02:00
mark CVE-2018-10195 as no-dsa for Wheezy
- - - - -
9e4d29fe by Thorsten Alteholz at 2018-05-02T15:06:30+02:00
mark CVE-2017-15691 as no-dsa for Wheezy
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -322,12 +322,14 @@ CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bou
- libraw <unfixed> (low; bug #897186)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
+ [wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer ...)
- libraw <unfixed> (low; bug #897185)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
+ [wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields ...)
@@ -1065,6 +1067,7 @@ CVE-2018-10195 [rzsz: sz can leak data to receiving side]
- lrzsz 0.12.21-10 (low; bug #897010)
[stretch] - lrzsz <no-dsa> (Minor issue)
[jessie] - lrzsz <no-dsa> (Minor issue)
+ [wheezy] - lrzsz <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1090051
NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the ...)
@@ -33314,6 +33317,7 @@ CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
- uimaj <unfixed> (bug #897009)
[stretch] - uimaj <no-dsa> (Minor issue)
[jessie] - uimaj <no-dsa> (Minor issue)
+ [wheezy] - uimaj <no-dsa> (Minor issue)
NOTE: https://uima.apache.org/security_report#CVE-2017-15691
CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...)
{DSA-4009-1}
@@ -60530,6 +60534,7 @@ CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" functi
- flac 1.3.2-2 (low; bug #897015)
[stretch] - flac <no-dsa> (Minor issue)
[jessie] - flac <no-dsa> (Minor issue)
+ [wheezy] - flac <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function ...)
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -75,3 +75,5 @@ tiff3 (Hugo Lefeuvre)
--
wireshark (Thorsten Alteholz)
--
+xen
+--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff96e073d84a857b96b66e73d7db6b2233909ea5...9e4d29feb59e5b2ed9b6f817c33205f02b691fbc
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff96e073d84a857b96b66e73d7db6b2233909ea5...9e4d29feb59e5b2ed9b6f817c33205f02b691fbc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180502/2972af8b/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list