[Git][security-tracker-team/security-tracker][master] Move back some fixed version items back to data/CVE/list

Salvatore Bonaccorso carnil at debian.org
Fri Oct 12 09:48:20 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ea75b4e by Salvatore Bonaccorso at 2018-10-12T08:45:57Z
Move back some fixed version items back to data/CVE/list

The reason we had to split these and not list them in the respective DSA was
that the DSA did address issues in jessie and stretch while being
supported by the security-team. The set of CVEs though was not
overlapping for the two suites, having some issues affecting stretch but
not jessie. Thus those, to be fully correct, are not to be listed in
data/DSA/list, otherwise they appear to be fixed in the respective
version in the jessie upload as well, which would not be completely
correct.

This situation sometimes arises while the security team supports two
suites, but for a source package only one DSA is issued and the set of
CVEs is not overlapping.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9584,6 +9584,7 @@ CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html
 CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol ...)
 	- wireshark 2.6.2-1
+	[stretch] - wireshark <not-affected> (Vulnerable code not present)
 	[jessie] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
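Review bot: The added `[stretch] - wireshark <not-affected> (Vulnerable code not present)` line for CVE-2018-14367 is not covered by the commit message, which only talks about moving fixed versions out of data/DSA/list; this entry never carried a DSA tag. The status looks consistent with the description (the affected ranges are 2.6.x and 2.4.x, while the stretch versions elsewhere in this diff are 2.2.6 based), but it would be clearer as a separate commit or with a line in the message saying a stretch not-affected marker was added as well.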
@@ -17308,8 +17309,8 @@ CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could cra
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
 CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP ...)
-	{DSA-4217-1}
 	- wireshark 2.6.1-1 (bug #900708)
+	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
 	[jessie] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
 	[wheezy] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
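Review bot: With `{DSA-4217-1}` dropped from CVE-2018-11360, nothing in the entry says any more that the stretch fix came from that advisory. The new version 2.2.6+g32dac6a-2+deb9u3 does match the stretch line of DSA-4217-1 in data/DSA/list, so a short NOTE line recording that the stretch fix shipped in DSA-4217-1 would keep the link for readers without reintroducing the jessie mismatch. The same applies to the CVE-2018-9273, CVE-2018-9264 and CVE-2018-7320 entries below, which get the identical change.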
@@ -22735,8 +22736,8 @@ CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_messa
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
 CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
-	{DSA-4217-1}
 	- wireshark 2.4.6-1
+	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
 	[jessie] - wireshark <not-affected> (Vulnerable code not present)
 	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14488
@@ -22799,8 +22800,8 @@ CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b12cc581cd4878d74b6116ca02c7dbe650c1f242
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
 CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector ...)
-	{DSA-4217-1}
 	- wireshark 2.4.6-1
+	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
 	[jessie] - wireshark <not-affected> (Vulnerable code not present (only adb_cs available))
 	[wheezy] - wireshark <not-affected> (Vulnerable code not present (only adb_cs available))
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
@@ -28164,8 +28165,8 @@ CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
 CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol ...)
-	{DSA-4217-1}
 	- wireshark 2.4.5-1
+	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
 	[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
 	[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
@@ -59965,8 +59966,8 @@ CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSD
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
 CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could ...)
-	{DSA-4060-1}
 	- wireshark 2.4.1-1
+	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
 	[jessie] - wireshark <not-affected> (Vulnerable code not present)
 	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
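Review bot: The stretch version added for CVE-2017-13766 is +deb9u1, not the +deb9u3 used in the other entries of this commit, which is easy to read as a typo once `{DSA-4060-1}` is gone. It is correct against the stretch line of DSA-4060-1 in data/DSA/list; consider a NOTE naming that DSA so the difference explains itself.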


=====================================
data/DSA/list
=====================================
@@ -302,7 +302,7 @@
 	[jessie] - memcached 1.4.21-1.1+deb8u2
 	[stretch] - memcached 1.4.33-1+deb9u1
 [03 Jun 2018] DSA-4217-1 wireshark - security update
-	{CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358 CVE-2018-11362 CVE-2018-11360 CVE-2018-9273 CVE-2018-9264 CVE-2018-7320}
+	{CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358 CVE-2018-11362}
 	[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u14
 	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
 [03 Jun 2018] DSA-4191-2 redmine - regression update
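Review bot: After this change the DSA-4217-1 entry lists six CVEs, while the stretch upload 2.2.6+g32dac6a-2+deb9u3 also fixes CVE-2018-11360, CVE-2018-9273, CVE-2018-9264 and CVE-2018-7320 according to the data/CVE/list side of this commit. Someone reading only data/DSA/list gets an incomplete picture of the advisory, so a comment or NOTE under the entry stating that the stretch-only CVEs are tracked in data/CVE/list would document why four CVEs were taken out.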
@@ -873,7 +873,7 @@
 	[jessie] - thunderbird 1:52.5.0-1~deb8u1
 	[stretch] - thunderbird 1:52.5.0-1~deb9u1
 [09 Dec 2017] DSA-4060-1 wireshark - security update
-	{CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-13766}
+	{CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085}
 	[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u12
 	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
 [08 Dec 2017] DSA-4059-1 libxcursor - security update
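Review bot: Only CVE-2017-13766 is removed from DSA-4060-1 here, so the four CVEs left in the braces are still recorded as fixed by both the jessie and the stretch upload. Given the reasoning in the commit message, it is worth confirming that each of CVE-2017-11408, CVE-2017-17083, CVE-2017-17084 and CVE-2017-17085 really affects both suites; their data/CVE/list entries are not part of this diff, so it cannot be checked from the patch alone.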



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ea75b4ea699888205dd8debcd8a844faef243fe
