[Git][security-tracker-team/security-tracker][master] 2 commits: not support for non-free p7zip-rar

Thorsten Alteholz alteholz at debian.org
Fri May 4 07:33:01 BST 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9e4ec6a by Thorsten Alteholz at 2018-05-04T08:30:04+02:00
not support for non-free p7zip-rar

- - - - -
3bd46f87 by Thorsten Alteholz at 2018-05-04T08:30:04+02:00
add quassel

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1461,6 +1461,7 @@ CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 1
 	- p7zip-rar <unfixed> (bug #897674)
 	[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
 	[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
+	[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
 	NOTE: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
 	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
 CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -65,6 +65,9 @@ openjdk-7 (Emilio Pozuelo)
 --
 php5 (Markus Koschany)
 --
+quassel
+  NOTE: maintainer does not plan to work on Wheezy, CVE-2018-1000178 affects Wheezy, CVE-2018-1000179 affects only new installations so maybe not relevant for LTS
+--
 ruby1.9.1
   NOTE: 20180427: Remaining bugs are no-dsa only. (santiago)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4046ea286df7570ede86d3c55cc1118e0e0138ce...3bd46f87ab604101e4209eef3bec774a903a36f9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4046ea286df7570ede86d3c55cc1118e0e0138ce...3bd46f87ab604101e4209eef3bec774a903a36f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180504/a26801f7/attachment.html>


More information about the debian-security-tracker-commits mailing list