[Git][security-tracker-team/security-tracker][master] Add new mgetty issues

Salvatore Bonaccorso carnil at debian.org
Tue Sep 11 20:08:55 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81a59c8c by Salvatore Bonaccorso at 2018-09-11T19:08:39Z
Add new mgetty issues

Out of those CVE-2018-16741 will get a DSA and DLA.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,17 +205,28 @@ CVE-2018-16747
 	RESERVED
 CVE-2018-16746
 	RESERVED
-CVE-2018-16745
+CVE-2018-16745 [buffer overflow in faxrec]
 	RESERVED
-CVE-2018-16744
+	- mgetty <unfixed>
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+CVE-2018-16744 [command injection in faxrec.c]
 	RESERVED
-CVE-2018-16743
+	- mgetty <unfixed>
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+CVE-2018-16743 [stack-based buffer overflow with long username in contrib/next-login/login.c]
 	RESERVED
-CVE-2018-16742
+	- mgetty <unfixed> (unimportant)
+	NOTE: contrib/next-login/ not built in Debian packaging
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+CVE-2018-16742 [stack-based buffer overflow with long arguments in contrib/scrts.c]
 	RESERVED
-CVE-2018-16741
+	- mgetty <unfixed> (unimportant)
+	NOTE: contri/scrts not built in Debian packaging
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+CVE-2018-16741 [shell injection via faxq-helper]
 	RESERVED
 	- mgetty <unfixed>
+	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
 CVE-2018-16740
 	RESERVED
 CVE-2018-16739



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81a59c8cc3a36068927b0ea09244ac078772b293

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/81a59c8cc3a36068927b0ea09244ac078772b293
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180911/c89763a8/attachment.html>

More information about the debian-security-tracker-commits mailing list