[Git][security-tracker-team/security-tracker][master] CVE-2017-8315,eclipse,apktool: Eclipse is not affected but apktool

Markus Koschany apo at debian.org
Sun Nov 25 19:28:51 GMT 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fa81f7a by Markus Koschany at 2018-11-25T19:25:22Z
CVE-2017-8315,eclipse,apktool: Eclipse is not affected but apktool

Debian never shipped the eclipse-andmore plugin or related IDE specific code
for managing Android projects. However apktool until version 2.2.4 was
affected. That means the version in Stretch remains vulnerable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80420,8 +80420,13 @@ CVE-2017-8317
 CVE-2017-8316 (IntelliJ IDEA XML parser was found vulnerable to XML External Entity ...)
 	NOT-FOR-US: IntelliJ IDEA XML parser
 CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ...)
-	- eclipse <undetermined>
+	- apktool 2.2.4-1
 	NOTE: Upstream bug with details is restricted
+	NOTE: According to Red Hat only eclipse-andmore was affected but it was
+	NOTE: never shipped with Debian. Apktool is affected though.
+	NOTE: Possible fixes: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c
+	NOTE: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed
+	NOTE: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063
 CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 ...)
 	{DLA-1243-1}
 	- kodi 2:17.1+dfsg1-3 (bug #863230)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fa81f7a9811e023ad7b0778b81eeaee481057e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fa81f7a9811e023ad7b0778b81eeaee481057e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181125/4c78cf60/attachment.html>

More information about the debian-security-tracker-commits mailing list