[Git][security-tracker-team/security-tracker][master] Add three new dhcpcd5 issues (#928056, #928104, #928105)

Salvatore Bonaccorso carnil at debian.org
Sun Apr 28 10:16:09 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46c7dfc9 by Salvatore Bonaccorso at 2019-04-28T09:14:25Z
Add three new dhcpcd5 issues (#928056, #928104, #928105)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-XXXX [DHCPv6: Fix a potential buffer overflow reading NA/TA addresses]
+	- dhcpcd5 <unfixed> (bug #928105)
+	[stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
+	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
+CVE-2019-XXXX [DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED]
+	- dhcpcd5 <unfixed> (bug #928104)
+	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
+CVE-2019-XXXX [auth: Use consttime_memequal to avoid latency attack consttime_memequal is supplied if libc does not support it]
+	- dhcpcd5 <unfixed> (bug #928056)
+	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
+	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
+	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
 CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have completed 2F ...)
 	- gitea <removed>
 CVE-2019-11575



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46c7dfc9db6ecfd1f95732623065cf5562cd1c8b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46c7dfc9db6ecfd1f95732623065cf5562cd1c8b
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190428/7ae09bb1/attachment.html>

More information about the debian-security-tracker-commits mailing list