[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags from libarchive issues.

Markus Koschany apo at debian.org
Thu Nov 29 16:03:03 GMT 2018


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fb32360 by Markus Koschany at 2018-11-29T16:02:33Z
Remove no-dsa tags from libarchive issues.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64920,21 +64920,18 @@ CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not e
 CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within ...)
 	- libarchive 3.2.2-4.1 (bug #875960)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/948
 	NOTE: https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14
 CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 ...)
 	- libarchive 3.2.2-4.1 (bug #875974)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
 CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
 	- libarchive 3.2.2-4.2 (bug #875966)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/949
 	NOTE: https://github.com/libarchive/libarchive/commit/f9569c086ff29259c73790db9cbf39fe8fb9d862
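Review bot: the commit subject says no-dsa tags are removed from libarchive issues, but in CVE-2017-14503, CVE-2017-14502 and CVE-2017-14501 only the `[jessie]` lines are dropped, while the `[stretch]` and `[wheezy]` `<no-dsa>` lines stay. Suggest naming jessie in the subject and stating the reason for the re-triage. These three entries show no `{DLA-...}` or `{DSA-...}` reference in the visible lines, so nothing else in the entry records why the jessie triage changed.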
@@ -65946,7 +65943,6 @@ CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of se
 	{DLA-1092-1}
 	- libarchive 3.2.2-3.1 (bug #874539)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
 	NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
 	NOTE: https://github.com/libarchive/libarchive/issues/935
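Review bot: once the `[jessie]` line is dropped from CVE-2017-14166, the entry keeps `{DLA-1092-1}` and the stretch `<no-dsa>` line but has no jessie annotation at all. If a jessie fix is planned, a follow-up that adds an explicit `[jessie] - libarchive <version>` line or the advisory reference should land together with the upload, so the jessie state is recorded in the entry rather than implied.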
@@ -83468,14 +83464,12 @@ CVE-2016-10350 (The archive_read_format_cab_read_header function in ...)
 	{DLA-1006-1}
 	- libarchive 3.2.2-3.1 (bug #861609)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/835
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
 CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...)
 	{DLA-1006-1}
 	- libarchive 3.2.2-3.1 (bug #861609)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/834
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...)
@@ -91376,7 +91370,6 @@ CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c
 	{DLA-1006-1}
 	- libarchive 3.2.2-3.1 (low; bug #859456)
 	[stretch] - libarchive <no-dsa> (Minor issue)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/842
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
 CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ...)
@@ -92428,7 +92421,6 @@ CVE-2017-5602 (An incorrect implementation of "XEP-0280: Message Carbons&qu
 CVE-2017-5601 (An error in the lha_read_file_header_1() function ...)
 	{DLA-810-1}
 	- libarchive 3.2.1-6 (bug #853278)
-	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
 	NOTE: https://secunia.com/secunia_research/2017-3/
 CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. ...)
@@ -110228,14 +110220,12 @@ CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer bef
 CVE-2016-8689 (The read_Header function in archive_read_support_format_7zip.c in ...)
 	{DLA-661-1}
 	- libarchive 3.2.1-5 (bug #840934)
-	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
 	NOTE: https://github.com/libarchive/libarchive/issues/761
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
 CVE-2016-8688 (The mtree bidder in libarchive 3.2.1 does not keep track of line sizes ...)
 	{DLA-661-1}
 	- libarchive 3.2.1-5 (bug #840935)
-	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
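Review bot: the removed jessie lines for CVE-2016-8689 and CVE-2016-8688 carried the note "can be fixed via point release", and deleting them drops that recorded plan without a replacement. Suggest saying in the commit message how jessie is now expected to be handled for these two, since the remaining lines only show `{DLA-661-1}` and the unstable fixed version 3.2.1-5.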
@@ -110245,7 +110235,6 @@ CVE-2016-8688 (The mtree bidder in libarchive 3.2.1 does not keep track of line
 CVE-2016-8687 (Stack-based buffer overflow in the safe_fprintf function in tar/util.c ...)
 	{DLA-661-1}
 	- libarchive 3.2.1-5 (bug #840936)
-	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
 	NOTE: https://github.com/libarchive/libarchive/issues/767
@@ -121387,7 +121376,6 @@ CVE-2015-8916 (bsdtar in libarchive before 3.2.0 returns a success code without
 CVE-2015-8915 (bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a ...)
 	{DLA-617-1}
 	- libarchive 3.2.0-2 (low; bug #784213)
-	[jessie] - libarchive <no-dsa> (Minor issue; can potentially be included in future DSA)
 	[squeeze] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/503
 	NOTE: https://github.com/libarchive/libarchive/issues/502
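Review bot: CVE-2015-8915 is marked `low` on the unstable line, and the removed jessie note only said it "can potentially be included in future DSA". Worth confirming that this entry is meant to be part of the same update as the others rather than picked up by a bulk removal. The `[squeeze]` `<no-dsa>` line directly below is left in place, which again does not match the unqualified commit subject.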



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7fb323602039465e3cf3648382823a845d9d1dc1
