[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2017-18269, git-fixes updates in 2.27-3 includes fix

Salvatore Bonaccorso carnil at debian.org
Fri May 18 21:26:32 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1ac7c0a by Salvatore Bonaccorso at 2018-05-18T22:26:18+02:00
Add CVE-2017-18269, git-fixes updates in 2.27-3 includes fix

- - - - -
9fd0943b by Salvatore Bonaccorso at 2018-05-18T22:26:18+02:00
CVE-2018-11125 was rejected by the assigning CNA, cleanup entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -65,7 +65,10 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a ...)
 CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...)
 	TODO: check
 CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...)
-	TODO: check
+	- glibc 2.27-3
+	- eglibc <removed>
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22644
+	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
 CVE-2018-11232 (The etm_setup_aux function in ...)
 	- linux <not-affected> (Vulnerable code never present in unstable)
 	NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
@@ -314,7 +317,6 @@ CVE-2018-11126 (dg-user/?controller=users&action=add in doorGets 7.0 has CSR
 	NOT-FOR-US: doorGets
 CVE-2018-11125
 	REJECTED
-	NOT-FOR-US: Tencent RapidJSON
 CVE-2018-11124
 	RESERVED
 CVE-2018-11123



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/742717ab0136940f792535bd849960e6bf203f7a...9fd0943b49d0c3d247483fbeee5c990bebff55c2

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/742717ab0136940f792535bd849960e6bf203f7a...9fd0943b49d0c3d247483fbeee5c990bebff55c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180518/c567ad3e/attachment.html>

More information about the debian-security-tracker-commits mailing list