[Git][security-tracker-team/security-tracker][master] Mark yara not-affected in Jessie and Stretch
Brian May
bam at debian.org
Fri Aug 9 08:32:53 BST 2019
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dddd2c99 by Brian May at 2019-08-09T07:30:01Z
Mark yara not-affected in Jessie and Stretch
First version of yara to include the dex module was version 3.8.0:
https://github.com/VirusTotal/yara/commit/e6e436008b7776a736960c2e53408e24c4323ddb
As this bug is specific to the dex module, earlier versions are not
affected.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -27189,6 +27189,8 @@ CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3)
NOT-FOR-US: Official Alpine Linux Docker images
CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...)
- yara 3.9.0-1
+ [stretch] - yara <not-affected> (dex module introduced in 3.8.0)
+ [jessie] - yara <not-affected> (dex module introduced in 3.8.0)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781
NOTE: https://github.com/VirusTotal/yara/issues/1023
NOTE: https://github.com/VirusTotal/yara/commit/1ecb0e66431bf5c5b4c2fdf622be969eb5f4a7cc
=====================================
data/dla-needed.txt
=====================================
@@ -146,5 +146,3 @@ xen
--
xymon (Thorsten alteholz)
--
-yara
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dddd2c992db7f95d89c7ebe65752ef79d39506b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dddd2c992db7f95d89c7ebe65752ef79d39506b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190809/7e87caf1/attachment.html>
More information about the debian-security-tracker-commits
mailing list