[Git][security-tracker-team/security-tracker][master] Add further notes for mgetty issues

Salvatore Bonaccorso carnil at debian.org
Tue Sep 11 20:16:43 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2225e4a by Salvatore Bonaccorso at 2018-09-11T19:16:09Z
Add further notes for mgetty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -208,25 +208,32 @@ CVE-2018-16746
 CVE-2018-16745 [buffer overflow in faxrec]
 	RESERVED
 	- mgetty <unfixed>
+	[stretch] - mgetty <no-dsa> (Minor issue)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+	NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
 CVE-2018-16744 [command injection in faxrec.c]
 	RESERVED
 	- mgetty <unfixed>
+	[stretch] - mgetty <no-dsa> (Minor issue)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+	NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
 CVE-2018-16743 [stack-based buffer overflow with long username in contrib/next-login/login.c]
 	RESERVED
 	- mgetty <unfixed> (unimportant)
 	NOTE: contrib/next-login/ not built in Debian packaging
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+	NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)
 CVE-2018-16742 [stack-based buffer overflow with long arguments in contrib/scrts.c]
 	RESERVED
 	- mgetty <unfixed> (unimportant)
-	NOTE: contri/scrts not built in Debian packaging
+	NOTE: contrib/scrts not built in Debian packaging
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+	NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
 CVE-2018-16741 [shell injection via faxq-helper]
 	RESERVED
 	- mgetty <unfixed>
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+	NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
 CVE-2018-16740
 	RESERVED
 CVE-2018-16739



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2225e4ade8c901231b43ccfeb3ba9c404cacde2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2225e4ade8c901231b43ccfeb3ba9c404cacde2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180911/cf2d1220/attachment.html>

More information about the debian-security-tracker-commits mailing list