[Git][security-tracker-team/security-tracker][master] 2 commits: Don't need to add specific reproducibility mentioning as triaged for all suites

Salvatore Bonaccorso carnil at debian.org
Thu Oct 11 05:24:08 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
730ae578 by Salvatore Bonaccorso at 2018-10-11T04:18:57Z
Don't need to add specific reproducibility mentioning as triaged for all suites

- - - - -
e6b2ea16 by Salvatore Bonaccorso at 2018-10-11T04:23:32Z
CVE-2018-14638 and CVE-2018-14624 for 389-ds-base adressed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4401,7 +4401,6 @@ CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows r
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/400
 	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
-	NOTE: reproduced with ASAN build (on jessie) and POC file provided in GitHub issue
 CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...)
 	- tiff <unfixed> (bug #907795)
 	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
@@ -8472,7 +8471,7 @@ CVE-2018-14640
 CVE-2018-14639
 	RESERVED
 CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
-	- 389-ds-base <unfixed> (bug #908859)
+	- 389-ds-base 1.4.0.18-1 (bug #908859)
 	[jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
 	NOTE: https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
 CVE-2018-14637
@@ -8517,7 +8516,7 @@ CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be ab
 	NOTE: https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
 CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions ...)
 	{DLA-1526-1}
-	- 389-ds-base <unfixed> (bug #907778)
+	- 389-ds-base 1.4.0.18-1 (bug #907778)
 	NOTE: https://pagure.io/389-ds-base/issue/49937
 	NOTE: https://pagure.io/389-ds-base/c/8ff8cb850 (master)
 	NOTE: https://pagure.io/389-ds-base/c/c5e78249d (389-ds-base-1.3.8)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/16e32bce9234c363f773bdc13567c8e3a96a5a3b...e6b2ea1620617764082598ba13949d59a08c8adf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/16e32bce9234c363f773bdc13567c8e3a96a5a3b...e6b2ea1620617764082598ba13949d59a08c8adf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181011/97a3fc1a/attachment.html>

More information about the debian-security-tracker-commits mailing list