[Git][security-tracker-team/security-tracker][master] Mark yara not-affected in Jessie and Stretch

Brian May bam at debian.org
Fri Aug 9 08:32:53 BST 2019



Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dddd2c99 by Brian May at 2019-08-09T07:30:01Z
Mark yara not-affected in Jessie and Stretch

First version of yara to include the dex module was version 3.8.0:

https://github.com/VirusTotal/yara/commit/e6e436008b7776a736960c2e53408e24c4323ddb

As this bug is specific to the dex module, earlier versions are not
affected.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -27189,6 +27189,8 @@ CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3)
 	NOT-FOR-US: Official Alpine Linux Docker images
 CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...)
 	- yara 3.9.0-1
+	[stretch] - yara <not-affected> (dex module introduced in 3.8.0)
+	[jessie] - yara <not-affected> (dex module introduced in 3.8.0)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781
 	NOTE: https://github.com/VirusTotal/yara/issues/1023
 	NOTE: https://github.com/VirusTotal/yara/commit/1ecb0e66431bf5c5b4c2fdf622be969eb5f4a7cc


=====================================
data/dla-needed.txt
=====================================
@@ -146,5 +146,3 @@ xen
 --
 xymon (Thorsten alteholz)
 --
-yara
---



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dddd2c992db7f95d89c7ebe65752ef79d39506b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dddd2c992db7f95d89c7ebe65752ef79d39506b4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190809/7e87caf1/attachment.html>


More information about the debian-security-tracker-commits mailing list