[Git][security-tracker-team/security-tracker][master] 18 commits: CVE-2018-18521 will be fixed in Jessie

Thorsten Alteholz alteholz at debian.org
Mon Feb 25 13:51:09 GMT 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fb8ad55 by Thorsten Alteholz at 2019-02-25T13:09:58Z
CVE-2018-18521 will be fixed in Jessie

- - - - -
4a5e6ec5 by Thorsten Alteholz at 2019-02-25T13:15:42Z
add link to fix for CVE-2018-18521

- - - - -
b6484183 by Thorsten Alteholz at 2019-02-25T13:16:22Z
CVE-2018-18520 will be fixed in Jessie

- - - - -
f75ca0d5 by Thorsten Alteholz at 2019-02-25T13:17:26Z
add link to fix for CVE-2018-18520

- - - - -
21a3682d by Thorsten Alteholz at 2019-02-25T13:19:20Z
CVE-2018-18310 will be fixed in Jessie

- - - - -
db989cb0 by Thorsten Alteholz at 2019-02-25T13:21:09Z
add link to fix for CVE-2018-18310

- - - - -
5277f382 by Thorsten Alteholz at 2019-02-25T13:24:00Z
CVE-2018-16062 will be fixed in Jessie

- - - - -
b4a42173 by Thorsten Alteholz at 2019-02-25T13:25:52Z
CVE-2017-7613 will be fixed in Jessie

- - - - -
bef3b577 by Thorsten Alteholz at 2019-02-25T13:28:49Z
add link to fix for CVE-2017-7613

- - - - -
13079fe5 by Thorsten Alteholz at 2019-02-25T13:32:34Z
jessie will be fixed, not wheezy

- - - - -
bb1f8a82 by Thorsten Alteholz at 2019-02-25T13:33:32Z
CVE-2017-7612 will be fixed in Jessie

- - - - -
ecdf90f0 by Thorsten Alteholz at 2019-02-25T13:35:35Z
add link to fix for CVE-2017-7612

- - - - -
17483842 by Thorsten Alteholz at 2019-02-25T13:36:11Z
CVE-2017-7611 will be fixed in Jessie

- - - - -
1ea7aa08 by Thorsten Alteholz at 2019-02-25T13:37:01Z
add link to fix for CVE-2017-7611

- - - - -
5941955d by Thorsten Alteholz at 2019-02-25T13:38:31Z
CVE-2017-7610 will be fixed in Jessie

- - - - -
6a900996 by Thorsten Alteholz at 2019-02-25T13:39:19Z
add link to fix for CVE-2017-7610

- - - - -
ac58483c by Thorsten Alteholz at 2019-02-25T13:41:19Z
CVE-2017-7608 will be fixed in Jessie

- - - - -
df095d34 by Thorsten Alteholz at 2019-02-25T13:41:50Z
add link to fix for CVE-2017-7608

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25563,15 +25563,15 @@ CVE-2018-18522
 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
 	- elfutils 0.175-1 (low; bug #911413)
 	[stretch] - elfutils <no-dsa> (Minor issue)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
 	- elfutils 0.175-1 (low; bug #911414)
 	[stretch] - elfutils <no-dsa> (Minor issue)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
 CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain ...)
 	NOT-FOR-US: BestXsoftware Best Free Keylogger
 CVE-2018-18518
@@ -26199,9 +26199,9 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
 CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
 	- elfutils 0.175-1 (bug #911083)
 	[stretch] - elfutils <no-dsa> (Minor issue)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
 CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
 	[experimental] - binutils 2.31.51.20181022-1
 	- binutils <unfixed>
@@ -32081,7 +32081,6 @@ CVE-2018-16063
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before ...)
 	- elfutils 0.175-1 (bug #907562)
 	[stretch] - elfutils <no-dsa> (Minor issue)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
 CVE-2018-16061
@@ -106263,28 +106262,28 @@ CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
 CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
 	- elfutils 0.168-1 (bug #859990)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859991)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859992)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
 	- elfutils 0.168-1 (bug #859993)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
 CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...)
 	- elfutils 0.168-1 (bug #859994)
 	[jessie] - elfutils <not-affected> (Vulnerable code not present)
@@ -106293,10 +106292,10 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compr
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
 CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...)
 	- elfutils 0.168-1 (bug #859995)
-	[jessie] - elfutils <no-dsa> (Minor issue)
 	[wheezy] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
+        NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
 CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows ...)
 	- elfutils 0.168-1 (bug #859996)
 	[jessie] - elfutils <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/973369c55d4e3e5124e324bff1803aa315ad3c93...df095d34495796f8590e924dd988dcc3bf13aed7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/973369c55d4e3e5124e324bff1803aa315ad3c93...df095d34495796f8590e924dd988dcc3bf13aed7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190225/79447a87/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list