[Git][security-tracker-team/security-tracker][master] 5 commits: readd xen

Thorsten Alteholz alteholz at debian.org
Wed May 2 14:09:12 BST 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a468868 by Thorsten Alteholz at 2018-05-02T15:03:18+02:00
readd xen

- - - - -
d9711f95 by Thorsten Alteholz at 2018-05-02T15:04:00+02:00
mark CVE-2017-6888 as no-dsa for Wheezy

- - - - -
57e86382 by Thorsten Alteholz at 2018-05-02T15:05:13+02:00
mark CVE-2018-10528 and CVE-2018-10529 as no-dsa for Wheezy

- - - - -
e4123547 by Thorsten Alteholz at 2018-05-02T15:05:57+02:00
mark CVE-2018-10195 as no-dsa for Wheezy

- - - - -
9e4d29fe by Thorsten Alteholz at 2018-05-02T15:06:30+02:00
mark CVE-2017-15691 as no-dsa for Wheezy

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -322,12 +322,14 @@ CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bou
 	- libraw <unfixed> (low; bug #897186)
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
 	NOTE: https://github.com/LibRaw/LibRaw/issues/144
 CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer ...)
 	- libraw <unfixed> (low; bug #897185)
 	[stretch] - libraw <no-dsa> (Minor issue)
 	[jessie] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw <no-dsa> (Minor issue)
 	NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
 	NOTE: https://github.com/LibRaw/LibRaw/issues/144
 CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields ...)
@@ -1065,6 +1067,7 @@ CVE-2018-10195 [rzsz: sz can leak data to receiving side]
 	- lrzsz 0.12.21-10 (low; bug #897010)
 	[stretch] - lrzsz <no-dsa> (Minor issue)
 	[jessie] - lrzsz <no-dsa> (Minor issue)
+	[wheezy] - lrzsz <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1090051
 	NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
 CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the ...)
@@ -33314,6 +33317,7 @@ CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
 	- uimaj <unfixed> (bug #897009)
 	[stretch] - uimaj <no-dsa> (Minor issue)
 	[jessie] - uimaj <no-dsa> (Minor issue)
+	[wheezy] - uimaj <no-dsa> (Minor issue)
 	NOTE: https://uima.apache.org/security_report#CVE-2017-15691
 CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...)
 	{DSA-4009-1}
@@ -60530,6 +60534,7 @@ CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" functi
 	- flac 1.3.2-2 (low; bug #897015)
 	[stretch] - flac <no-dsa> (Minor issue)
 	[jessie] - flac <no-dsa> (Minor issue)
+	[wheezy] - flac <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
 	NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
 CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -75,3 +75,5 @@ tiff3 (Hugo Lefeuvre)
 --
 wireshark (Thorsten Alteholz)
 --
+xen
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff96e073d84a857b96b66e73d7db6b2233909ea5...9e4d29feb59e5b2ed9b6f817c33205f02b691fbc

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ff96e073d84a857b96b66e73d7db6b2233909ea5...9e4d29feb59e5b2ed9b6f817c33205f02b691fbc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180502/2972af8b/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list