[Git][security-tracker-team/security-tracker][master] 389-ds-base regression
Hugo Lefeuvre
hle at debian.org
Thu Oct 25 12:01:44 BST 2018
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e2e6ce1 by Hugo Lefeuvre at 2018-10-25T10:59:34Z
389-ds-base regression
Just noticed that the tracker contains pointers to incomplete patches
causing regression (crash), which I didn't take into account in my
Jessie security update. Update the tracker and add dla-needed entry
for regression update.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9702,7 +9702,11 @@ CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted se
NOTE: https://pagure.io/389-ds-base/c/a49bd03d6 (1.4.0.17)
NOTE: 1.3.7: https://pagure.io/389-ds-base/c/c8ec6e58c
NOTE: 1.3.8: https://pagure.io/389-ds-base/c/5fc374b43
- NOTE: https://pagure.io/389-ds-base/issue/49969
+ NOTE: Note that these patches are incomplete and cause a regression (crash). Bundle with
+ NOTE: https://pagure.io/389-ds-base/c/a6369790c (1.4.0.17)
+ NOTE: 1.3.7: https://pagure.io/389-ds-base/c/722a6f867
+ NOTE: 1.3.8: https://pagure.io/389-ds-base/c/bdb1af66c
+ NOTE: see https://pagure.io/389-ds-base/issue/49969
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...)
{DSA-4307-1 DSA-4306-1}
- python3.7 3.7.0-7
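Review bot: the last added line, "NOTE: see https://pagure.io/389-ds-base/issue/49969", no longer says what the issue documents. Before this change it was the entry's plain issue reference. Coming right after "incomplete and cause a regression (crash)", it now leaves open whether 49969 is the original report or the report of the regression. Suggest stating which it is on that line. Smaller points in the same block: the first added line reads "NOTE: Note that", so the second "Note that" can go, and "Bundle with" would be clearer if it said that each of the three follow-up commits has to be applied together with the earlier commit for the same branch (1.4.0.17, 1.3.7, 1.3.8).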
=====================================
data/dla-needed.txt
=====================================
@@ -9,6 +9,10 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+--
+389-ds-base (Hugo Lefeuvre)
+ NOTE: 20181025 12:52 UTC+200 just noticed that the tracker is pointing to old versions of the
+ NOTE: patches which contain a regression causing crash... preparing a regression fix
--
cairo
NOTE: 20181024: No fix available yet.
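Review bot: the timestamp in the new 389-ds-base entry, "20181025 12:52 UTC+200", does not follow the date form used by the neighbouring cairo entry ("NOTE: 20181024: No fix available yet."), and "UTC+200" is not a standard offset notation. Suggest "NOTE: 20181025: ..." to match. The note also names neither the CVE nor the follow-up commits. A pointer to the CVE-2018-14648 entry in data/CVE/list would let whoever reads this list next find the commits that have to be bundled.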
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e2e6ce1e54ac28af20a4b522f603240f48d7e63