[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2018-18520 (elfutils) in jessie LTS.
Chris Lamb
lamby at debian.org
Sat Oct 20 02:57:24 BST 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96b0b4d6 by Chris Lamb at 2018-10-20T01:54:38Z
Triage CVE-2018-18520 (elfutils) in jessie LTS.
- - - - -
a8f3a38c by Chris Lamb at 2018-10-20T01:55:17Z
Triage CVE-2018-18521 (elfutils) for jessie LTS.
- - - - -
7cf9b14a by Chris Lamb at 2018-10-20T01:56:59Z
data/dla-needed.txt: Triage imagemagick for jessie.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,11 +15,13 @@ CVE-2018-18522
CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
- elfutils <unfixed> (low; bug #911413)
[stretch] - elfutils <no-dsa> (Minor issue)
+ [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
- elfutils <unfixed> (low; bug #911414)
[stretch] - elfutils <no-dsa> (Minor issue)
+ [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
CVE-2018-18519
=====================================
data/dla-needed.txt
=====================================
@@ -35,6 +35,8 @@ ghostscript (Markus Koschany)
gnutls28 (Antoine Beaupre)
NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb)
--
+imagemagick
+--
libav (Hugo Lefeuvre)
NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
NOTE: 20180118: It is unlikely that he will start again in the next weeks.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7dd531e9ccf4e1abaea32533cb7383117a05f027...7cf9b14a27733f996e0659a020e6b303865c90ed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7dd531e9ccf4e1abaea32533cb7383117a05f027...7cf9b14a27733f996e0659a020e6b303865c90ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181020/652d9106/attachment.html>
More information about the debian-security-tracker-commits
mailing list