[Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.
Markus Koschany
apo at debian.org
Fri Aug 16 21:11:58 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc35662f by Markus Koschany at 2019-08-16T20:11:47Z
Add radare2 to dla-needed.txt with comments.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -94,6 +94,13 @@ qemu
NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/q/qemu/qemu_2.1+dfsg-12+deb8u12.dsc
NOTE: 20190529: More testing needed.
--
+radare2
+ NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
+ NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch. Should we
+ NOTE: continue the current approach, update to a newer upstream version or mark
+ NOTE: radare2 as unsupported? Also note that there is a r2-pwnDebian challenge...
+ NOTE: https://bananamafia.dev/post/r2-pwndebian/ (apo)
+--
ruby-mini-magick (Thorsten Alteholz)
NOTE: 20190805: package does not build in Jessie
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc35662f3eec4ddc0316774acc8de9e228ee8012
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bc35662f3eec4ddc0316774acc8de9e228ee8012
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190816/fd60f26e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list