[Git][security-tracker-team/security-tracker][master] Add lrzip fixed version in unstable to relevant issues

László Böszörményi gcs at debian.org
Thu May 17 18:46:34 BST 2018


László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e3816d3 by Laszlo Boszormenyi (GCS) at 2018-05-17T17:45:03+00:00
Add lrzip fixed version in unstable to relevant issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1214,7 +1214,7 @@ CVE-2018-10687
 CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is ...)
 	NOT-FOR-US:  Vesta Control Panel
 CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
-	- lrzip <unfixed> (low; bug #897645)
+	- lrzip 0.631+git180517-1 (low; bug #897645)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <ignored> (Minor issue)
@@ -5104,7 +5104,7 @@ CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code ...
 CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 ...)
 	NOT-FOR-US: Easy File Sharing (EFS)
 CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...)
-	- lrzip <unfixed> (unimportant)
+	- lrzip 0.631+git180517-1 (unimportant)
 	NOTE: https://github.com/ckolivas/lrzip/issues/93
 	NOTE: No security impact
 CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x ...)
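Review bot: The CVE-2018-9058 entry is now marked fixed in 0.631+git180517-1, but its only reference is still the upstream issue (https://github.com/ckolivas/lrzip/issues/93) and no fixing commit is recorded. The whole entry is visible in this hunk, so a NOTE line naming the upstream commit that resolves the infinite loop would make the fixed version checkable. If the issue is still open upstream, the line should stay at <unfixed> (unimportant).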
@@ -14584,7 +14584,7 @@ CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 
 CVE-2017-18044 (A Command Injection issue was discovered in ...)
 	NOT-FOR-US: Commvault
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
-	- lrzip <unfixed> (bug #888506)
+	- lrzip 0.631+git180517-1 (bug #888506)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -14757,7 +14757,7 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial
 	NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
-	- lrzip <unfixed> (bug #898451)
+	- lrzip 0.631+git180517-1 (bug #898451)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -15067,7 +15067,7 @@ CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress
 CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
 	NOT-FOR-US: dark-mode plugin for WordPress
 CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
-	- lrzip <unfixed> (bug #887065)
+	- lrzip 0.631+git180517-1 (bug #887065)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -50589,13 +50589,13 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware
 CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 ...)
 	NOT-FOR-US: Green Packet
 CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
-	- lrzip <unfixed> (bug #866020)
+	- lrzip 0.631+git180517-1 (bug #866020)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/75
 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
-	- lrzip <unfixed> (bug #866022)
+	- lrzip 0.631+git180517-1 (bug #866022)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -55747,37 +55747,37 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by 
 CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...)
 	NOT-FOR-US: Allen Disk
 CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
-	- lrzip <unfixed> (unimportant; bug #863145)
+	- lrzip 0.631+git180517-1 (unimportant; bug #863145)
 	NOTE: https://github.com/ckolivas/lrzip/issues/67
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...)
-	- lrzip <unfixed> (bug #863150)
+	- lrzip 0.631+git180517-1 (bug #863150)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/71
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
 CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...)
-	- lrzip <unfixed> (unimportant; bug #863151)
+	- lrzip 0.631+git180517-1 (unimportant; bug #863151)
 	NOTE: https://github.com/ckolivas/lrzip/issues/68
 	NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
-	- lrzip <unfixed> (bug #863153)
+	- lrzip 0.631+git180517-1 (bug #863153)
 	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/70
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
 CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...)
-	- lrzip <unfixed> (unimportant; bug #863155)
+	- lrzip 0.631+git180517-1 (unimportant; bug #863155)
 	NOTE: https://github.com/ckolivas/lrzip/issues/69
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
-	- lrzip <unfixed> (unimportant; bug #863156)
+	- lrzip 0.631+git180517-1 (unimportant; bug #863156)
 	NOTE: https://github.com/ckolivas/lrzip/issues/66
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
 	NOTE: Crash in CLI tool, no security implications
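Review bot: Of the six entries changed in this hunk, only CVE-2017-8845 carries a NOTE with an upstream commit. CVE-2017-8846 and CVE-2017-8844, the two that still show <no-dsa> for stretch, jessie and wheezy, reference only the upstream issue and the reporter's blog post. A NOTE with the fixing commit on those two would let the fix be checked against the 0.631+git180517-1 snapshot and located later for the older suites.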



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e3816d39261a8121cba10ad6f86d12da065ac8c
