[Git][security-tracker-team/security-tracker][master] Add further notes for mgetty issues
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 11 20:16:43 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2225e4a by Salvatore Bonaccorso at 2018-09-11T19:16:09Z
Add further notes for mgetty issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -208,25 +208,32 @@ CVE-2018-16746
CVE-2018-16745 [buffer overflow in faxrec]
RESERVED
- mgetty <unfixed>
+ [stretch] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+ NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
CVE-2018-16744 [command injection in faxrec.c]
RESERVED
- mgetty <unfixed>
+ [stretch] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+ NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
CVE-2018-16743 [stack-based buffer overflow with long username in contrib/next-login/login.c]
RESERVED
- mgetty <unfixed> (unimportant)
NOTE: contrib/next-login/ not built in Debian packaging
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+ NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)
CVE-2018-16742 [stack-based buffer overflow with long arguments in contrib/scrts.c]
RESERVED
- mgetty <unfixed> (unimportant)
- NOTE: contri/scrts not built in Debian packaging
+ NOTE: contrib/scrts not built in Debian packaging
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+ NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
CVE-2018-16741 [shell injection via faxq-helper]
RESERVED
- mgetty <unfixed>
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
+ NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
CVE-2018-16740
RESERVED
CVE-2018-16739
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2225e4ade8c901231b43ccfeb3ba9c404cacde2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2225e4ade8c901231b43ccfeb3ba9c404cacde2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180911/cf2d1220/attachment.html>
More information about the debian-security-tracker-commits
mailing list