[Git][security-tracker-team/security-tracker][master] 2 commits: not support for non-free p7zip-rar
Thorsten Alteholz
alteholz at debian.org
Fri May 4 07:33:01 BST 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9e4ec6a by Thorsten Alteholz at 2018-05-04T08:30:04+02:00
not support for non-free p7zip-rar
- - - - -
3bd46f87 by Thorsten Alteholz at 2018-05-04T08:30:04+02:00
add quassel
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1461,6 +1461,7 @@ CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 1
- p7zip-rar <unfixed> (bug #897674)
[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
+ [wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
NOTE: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -65,6 +65,9 @@ openjdk-7 (Emilio Pozuelo)
--
php5 (Markus Koschany)
--
+quassel
+ NOTE: maintainer does not plan to work on Wheezy, CVE-2018-1000178 affects Wheezy, CVE-2018-1000179 affects only new installations so maybe not relevant for LTS
+--
ruby1.9.1
NOTE: 20180427: Remaining bugs are no-dsa only. (santiago)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4046ea286df7570ede86d3c55cc1118e0e0138ce...3bd46f87ab604101e4209eef3bec774a903a36f9
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4046ea286df7570ede86d3c55cc1118e0e0138ce...3bd46f87ab604101e4209eef3bec774a903a36f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180504/a26801f7/attachment.html>
More information about the debian-security-tracker-commits
mailing list