[Git][security-tracker-team/security-tracker][master] 2 commits: End of life.

Tue May 8 20:59:02 BST 2018

Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b954214 by Ola Lundqvist at 2018-05-08T21:37:00+02:00
End of life.

- - - - -
e36610e8 by Ola Lundqvist at 2018-05-08T21:58:31+02:00
Triage results.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -55,10 +55,13 @@ CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-bas
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2788
 CVE-2018-10778 (Read access violation in the III_dequantize_sample function in ...)
 	- mp3gain <removed>
+	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
 CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in ...)
 	- mp3gain <removed>
+	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
 CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
 	- mp3gain <removed>
+	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
 CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in ...)
 	- bibutils <unfixed> (unimportant; bug #898135)
 	NOTE: Crash in CLI tool, no security impact
@@ -85,6 +88,7 @@ CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsL
 	TODO: check
 CVE-2018-10767 (There is a stack-based buffer over-read in calling GLib in the function ...)
 	- libgxps <unfixed> (bug #898133)
+	[wheezy] - libgxps <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575188
 	TODO: check (in particular if reported upstream)
 CVE-2018-10766
@@ -119,6 +123,7 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Derefere
 	- ncurses <unfixed> (low)
 	[stretch] - ncurses <no-dsa> (Minor issue)
 	[jessie] - ncurses <no-dsa> (Minor issue)
+	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
 	NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
@@ -166,6 +171,7 @@ CVE-2018-10734
 	RESERVED
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
 	- libgxps <unfixed> (low; bug #897954)
+	[wheezy] - libgxps <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1574844
 	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b
 	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd
@@ -270,6 +276,7 @@ CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There i
 	NOT-FOR-US:  Vesta Control Panel
 CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
 	- lrzip <unfixed> (bug #897645)
+	[wheezy] - lrzip <ignored> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/95
 CVE-2018-10684
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -62,3 +62,4 @@ wget (Abhijith PA)
 --
 wireshark (Thorsten Alteholz)
 --
+xen



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/617cc66e2fb6e32da8ac33fadca3b03700161038...e36610e80b6c8ccc56c73f255a3319a312de8300

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/617cc66e2fb6e32da8ac33fadca3b03700161038...e36610e80b6c8ccc56c73f255a3319a312de8300
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180508/e5bbae8a/attachment-0001.html>
