[Git][security-tracker-team/security-tracker][master] Four curl issues fixed via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 1 06:39:55 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10f29c72 by Salvatore Bonaccorso at 2018-11-01T06:39:24Z
Four curl issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4910,19 +4910,19 @@ CVE-2018-16844
CVE-2018-16843
RESERVED
CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...)
- - curl <unfixed>
+ - curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
CVE-2018-16841
RESERVED
CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 ...)
- - curl <unfixed>
+ - curl 7.62.0-1
[stretch] - curl <not-affected> (Use-after-free issue introduced later)
NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
- - curl <unfixed>
+ - curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838
@@ -10454,7 +10454,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...)
{DSA-4286-1 DLA-1498-1}
- - curl <unfixed> (bug #908327)
+ - curl 7.62.0-1 (bug #908327)
NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
NOTE: https://github.com/curl/curl/issues/2756
NOTE: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10f29c72cd807513bc016ec26a8411d6a4615bea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10f29c72cd807513bc016ec26a8411d6a4615bea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181101/a3b4003d/attachment.html>
More information about the debian-security-tracker-commits
mailing list