[Git][security-tracker-team/security-tracker][master] 2 commits: add fix for mosquitto CVEs
Thorsten Alteholz
alteholz at debian.org
Thu Sep 27 21:03:15 BST 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56fd2c00 by Thorsten Alteholz at 2018-09-27T19:57:56Z
add fix for mosquitto CVEs
- - - - -
754d827a by Thorsten Alteholz at 2018-09-27T19:58:50Z
Reserve DLA-1524-1 for libxml2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76747,9 +76747,11 @@ CVE-2017-7655
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)
- mosquitto <unfixed>
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
+ NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject ...)
- mosquitto <unfixed>
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
+ NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...)
{DLA-1409-1 DLA-1334-1}
- mosquitto 1.4.15-1
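Review bot: The two added NOTE lines under CVE-2017-7654 and CVE-2017-7653 give bare upstream commit URLs without saying what those commits are, while the commit message calls them the fix and both package lines still read `- mosquitto <unfixed>`. Prefixing the URL with a label such as `NOTE: Fixed by: <commit URL>` would tell a reader that the link is the upstream fix rather than more bug context. It would also make clear that `<unfixed>` is intentional because no fixed package version is recorded yet.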
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Sep 2018] DLA-1524-1 libxml2 - security update
+ {CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567}
+ [jessie] - libxml2 2.9.1+dfsg1-5+deb8u7
[27 Sep 2018] DLA-1523-1 asterisk - security update
{CVE-2018-17281}
[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u6
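Review bot: The new DLA-1524-1 entry names four CVEs and a jessie version, but the data/CVE/list hunk in this same push touches only the mosquitto entries. The CVE-2017-7652 entry visible there carries a `{DLA-1409-1 DLA-1334-1}` cross-reference line. Please check that CVE-2017-18258, CVE-2018-9251, CVE-2018-14404 and CVE-2018-14567 receive the matching `{DLA-1524-1}` reference and the `2.9.1+dfsg1-5+deb8u7` jessie version in a follow-up change, so the advisory and the per-CVE status do not disagree.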
=====================================
data/dla-needed.txt
=====================================
@@ -45,10 +45,6 @@ libav (Hugo Lefeuvre)
--
libspring-java (Abhijith PA)
--
-libxml2 (Thorsten Alteholz)
- NOTE: 20180720: There are many open CVEs marked as <no-dsa> for jessie and stretch.
- NOTE: 20180720: My sense is that someone should go over them and fix those that are fixable.
---
linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
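Review bot: Removing the libxml2 block also deletes its two 20180720 notes, which say there are many open CVEs marked <no-dsa> for jessie and stretch, while DLA-1524-1 in this push covers four CVEs. If any of those <no-dsa> issues remain open after this upload, record that in the commit message or keep a note for them. Otherwise the reminder to go over them disappears with this deletion.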
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/31fe34afa4f5f79defbce03564647540816d07c7...754d827a50894e92aa730e017d3daa0d61505ef2