[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2015-8217: Sort entries

Fri Nov 30 21:08:16 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4040a73e by Salvatore Bonaccorso at 2018-11-30T21:08:02Z
CVE-2015-8217: Sort entries

- - - - -
ec6e3b2a by Salvatore Bonaccorso at 2018-11-30T21:08:03Z
Four CVEs for keepalived fixed in unstable via 2.0.10 upstream version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4596,7 +4596,7 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
 	NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
 CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
 	{DLA-1589-1}
-	- keepalived <unfixed> (low; bug #914393)
+	- keepalived 1:2.0.10-1 (low; bug #914393)
 	[stretch] - keepalived <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
 	NOTE: https://github.com/acassen/keepalived/pull/961
@@ -4770,18 +4770,18 @@ CVE-2018-19048
 CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...)
 	NOT-FOR-US: mPDF
 CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing ...)
-	- keepalived <unfixed> (unimportant)
+	- keepalived 1:2.0.10-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
 	NOTE: https://github.com/acassen/keepalived/issues/1048
 	NOTE: Neutralised by kernel hardening
 CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...)
-	- keepalived <unfixed> (unimportant)
+	- keepalived 1:2.0.10-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
 	NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
 	NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
 	NOTE: https://github.com/acassen/keepalived/issues/1048
 CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...)
-	- keepalived <unfixed> (unimportant)
+	- keepalived 1:2.0.10-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
 	NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
 	NOTE: https://github.com/acassen/keepalived/issues/1048
@@ -140045,8 +140045,8 @@ CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg
 	- ffmpeg 7:2.8.2-1
 	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <undetermined>
-	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	[jessie] - libav <not-affected> (Contains a similar code block like the one referenced by the ffmpeg commit)
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8
 CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...)
 	- ffmpeg 7:2.8.2-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c45ee80899a92f0bed3ea66ab96f57b8eeec39df...ec6e3b2a13b607ffb698b0636004f068114c1a08

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c45ee80899a92f0bed3ea66ab96f57b8eeec39df...ec6e3b2a13b607ffb698b0636004f068114c1a08
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181130/7196f08b/attachment-0001.html>
