[Git][security-tracker-team/security-tracker][master] 2 commits: Add bug reference for CVE-2018-10753/abcm2ps

Salvatore Bonaccorso carnil at debian.org
Sat May 5 10:10:09 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
980754f4 by Salvatore Bonaccorso at 2018-05-05T11:03:43+02:00
Add bug reference for CVE-2018-10753/abcm2ps

- - - - -
26eb84f9 by Salvatore Bonaccorso at 2018-05-05T11:08:18+02:00
Revert changes unrelated to the partclone no-dsa marking

- - - - -


3 changed files:

- data/CVE/list
- lib/python/bugs.py
- lib/python/security_db.py


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Derefere
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
 	NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
-	- abcm2ps <unfixed>
+	- abcm2ps <unfixed> (bug #897966)
 	NOTE: https://github.com/leesavide/abcm2ps/issues/16
 	NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)


=====================================
lib/python/bugs.py
=====================================
--- a/lib/python/bugs.py
+++ b/lib/python/bugs.py
@@ -299,28 +299,6 @@ class Bug(BugBase):
             nts.append(notes[key])
         self.notes = nts
 
-class BugExtend(Bug):
-    def writeDB(self, cursor):
-        """Writes the record to an SQLite3 database."""
-
-        for (typ, c) in self.comments:
-            cursor.execute("""INSERT INTO bugs_notes
-            (bug_name, typ, comment) VALUES (?, ?, ?)""",
-                           (self.name, typ, c))
-
-        for n in self.notes:
-            n.writeDB(cursor, self.name)
-
-        import apsw
-        for x in self.xref:
-            try:
-                cursor.execute("""INSERT INTO bugs_xref
-                (source, target) VALUES (?, ?)""",
-                               (self.name, x))
-            except apsw.ConstraintError:
-                raise ValueError, \
-                      "cross reference to %s appears multiple times" % x
-
 class BugFromDB(Bug):
     def __init__(self, cursor, name):
         assert type(name) in types.StringTypes
@@ -462,9 +440,6 @@ class FileBase(debian_support.PackageFile):
         debian_support.PackageFile.__init__(self, name, fileObj)
         self.removed_packages = {}
 
-    def isExtend(self, name):
-        return False
-
     def isUniqueName(self, name):
         """Returns True if the name is a real, unique name."""
         return True
@@ -753,11 +728,7 @@ class FileBase(debian_support.PackageFile):
                         if first_bug:
                             break
                     record_name = temp_bug_name(first_bug, description)
-                if self.isExtend(record_name):
-                    cls = BugExtend
-                else:
-                    cls = Bug
-                yield self.finishBug(cls(self.file.name, first_lineno, date,
+                yield self.finishBug(Bug(self.file.name, first_lineno, date,
                                          record_name, description,
                                          comments, notes=pkg_notes, xref=xref))
 
@@ -802,12 +773,6 @@ class CVEFile(FileBase):
         bug.mergeNotes()
         return bug
 
-class CVECUSTOMERFile(CVEFile):
-    re_cve = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+)\s+(.*?)\s*$')
-
-    def isExtend(self, name):
-        return True
-
 class DSAFile(FileBase):
     """A DSA file.
 
@@ -849,11 +814,6 @@ class DSAFile(FileBase):
         bug.mergeNotes()
         return bug
 
-class CUSTOMERFile(DSAFile):
-    re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] '
-                        + r'(CUSTOMER-\d+(?:-\d+)?)\s+'
-                        + r'(.*?)\s*$')
-
 class DLAFile(FileBase):
     """A DLA file.
 


=====================================
lib/python/security_db.py
=====================================
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -914,11 +914,9 @@ class DB:
 
         source_removed_packages = '/packages/removed-packages'
         sources = ((bugs.CVEFile, '/CVE/list'),
-                   (bugs.CVECUSTOMERFile, '/CVE-CUSTOMER/list'),
                    (bugs.DSAFile, '/DSA/list'),
                    (bugs.DTSAFile, '/DTSA/list'),
                    (bugs.DLAFile, '/DLA/list'),
-                   (bugs.CUSTOMERFile, '/CUSTOMER/list'),
                    (None, source_removed_packages))
 
         unchanged = True
@@ -971,7 +969,7 @@ class DB:
         old_source = ''
         for source, target in list(cursor.execute(
             """SELECT source, target FROM bugs_xref
-            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%' OR source LIKE 'CUSTOMER-%')
+            WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%')
             AND target LIKE 'CVE-%'""")):
             if source <> old_source:
                 source_bug = bugs.BugFromDB(cursor, source)
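Review bot: The advisory prefixes in this WHERE clause are hard-coded `LIKE` terms, and the similar query in the later `@@ -1854` hunk of this file matches a different set (`DSA-%` and `DLA-%` only, no `DTSA-%`), with nothing in either hunk saying whether that difference is intended. A one-line comment above the `for` statement, such as `# advisories (DTSA/DSA/DLA) that cross-reference a CVE`, and a matching one at the other query would keep the two lists from drifting apart the next time a prefix is added or dropped. The patterns are constants and the other query binds `package` through `?`, so this is a maintainability point rather than an injection concern. The enclosing method starts and ends outside the hunk.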
@@ -1854,7 +1852,7 @@ class DB:
             """SELECT bugs.name, bugs.description
             FROM bugs, package_notes as p
             WHERE p.bug_name = bugs.name
-            AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%' OR bugs.name LIKE 'CUSTOMER-%' )
+            AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%')
             AND p.package = ?
             ORDER BY bugs.release_date DESC""", (package,)):
             yield DSAsForSourcePackage(*row)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e6096cac40dac2bebac3ea900ef7c5d84a1c8a8b...26eb84f92d2b50db70caaef703f25a590d852d96
