[Git][security-tracker-team/security-tracker][master] Track fixes for various CVEs in unstable for tcpreplay upload

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 09:45:08 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e001bc99 by Salvatore Bonaccorso at 2019-02-12T09:44:34Z
Track fixes for various CVEs in unstable for tcpreplay upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10126,13 +10126,13 @@ CVE-2018-20555
 CVE-2018-20554
 	RESERVED
 CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len ...)
-	- tcpreplay <unfixed> (low; bug #917574)
+	- tcpreplay 4.3.1-1 (low; bug #917574)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (not used by any sponsor, hard to exploit)
 	NOTE: https://github.com/appneta/tcpreplay/issues/530
 	NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
 CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree ...)
-	- tcpreplay <unfixed> (low; bug #917574)
+	- tcpreplay 4.3.1-1 (low; bug #917574)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (not used by any sponsor, hard to exploit)
 	NOTE: https://github.com/appneta/tcpreplay/issues/530
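Review bot: For CVE-2018-20552 the visible context stops at the upstream issue link, while CVE-2018-20553 directly above also records the fix commit from pull/532. If no commit NOTE follows for CVE-2018-20552, add one so that the 4.3.1-1 fixed version is backed by a reference. Both entries point at the same bug #917574 and upstream issue 530, so it is also worth confirming that the 4.3.1-1 upload closes that bug for both the get_l2len and the packet2tree over-read.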
@@ -22781,13 +22781,13 @@ CVE-2018-18409 (A stack-based buffer over-read exists in setbit() at iptree.h of
 	NOTE: https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-18408 (A use-after-free was discovered in the tcpbridge binary of Tcpreplay ...)
-	- tcpreplay <unfixed> (bug #911493)
+	- tcpreplay 4.3.1-1 (bug #911493)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/489
 	NOTE: https://github.com/appneta/tcpreplay/commit/59dc76a1d641b1a6b22fd7cd409bee6e0a015616
 CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-edit ...)
-	- tcpreplay <unfixed> (bug #911454)
+	- tcpreplay 4.3.1-1 (bug #911454)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/488
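Review bot: CVE-2018-18408 and CVE-2018-18407 receive a fixed version here but still carry no urgency, while the tcpreplay over-reads in the first hunk are marked "low". Please set the urgency explicitly or confirm it is left unset on purpose. The use-after-free in tcpbridge (CVE-2018-18408) is a different bug class from the over-reads and should be rated on its own merits, even though stretch and jessie are both tagged no-dsa as a minor issue.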
@@ -24036,7 +24036,7 @@ CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x before
 	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/50744
 CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...)
-	- tcpreplay <unfixed> (bug #910598)
+	- tcpreplay 4.3.1-1 (bug #910598)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/486
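Review bot: The description of CVE-2018-17974 names only "Tcpreplay 4.3.0 beta1" as affected and, unlike the CVE-2018-20553 text, does not say the issue is fixed in 4.3.1. The only visible NOTE is upstream issue 486. A NOTE with the upstream fix commit would document why 4.3.1-1 is recorded as the fixed version. The same applies to CVE-2018-17582 and CVE-2018-17580 in the next two hunks.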
@@ -24929,7 +24929,7 @@ CVE-2018-17584
 CVE-2018-17583
 	RESERVED
 CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The ...)
-	- tcpreplay <unfixed> (bug #910597)
+	- tcpreplay 4.3.1-1 (bug #910597)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/484
@@ -24941,7 +24941,7 @@ CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26
 	NOTE: https://github.com/Exiv2/exiv2/issues/460
 	NOTE: Fixed in: https://github.com/Exiv2/exiv2/commit/b3d077dcaefb6747fff8204490f33eba5a144edb
 CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet() ...)
-	- tcpreplay <unfixed> (bug #910596)
+	- tcpreplay 4.3.1-1 (bug #910596)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/485
@@ -36247,7 +36247,7 @@ CVE-2018-13114 (Missing authentication and improper input validation in KERUI Wi
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract ...)
 	NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote ...)
-	- tcpreplay <unfixed> (low; bug #902952)
+	- tcpreplay 4.3.1-1 (low; bug #902952)
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/477
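Review bot: CVE-2018-13112 is in get_l2len, the same function named in CVE-2018-20553 in the first hunk, yet the two entries reference different bugs (#902952 and #917574) and different upstream issues (477 and 530). Please confirm that 4.3.1-1 contains both fixes and not only the later one. A NOTE cross-referencing the two entries would help anyone triaging stretch or jessie later.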



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e001bc99c2c1932a20b195ce281a0385fa9128af
