[Git][security-tracker-team/security-tracker][master] 2 commits: Add references for CVE-2017-2808/ledger

Salvatore Bonaccorso carnil at debian.org
Sat Jan 26 20:52:43 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ed87bc3 by Salvatore Bonaccorso at 2019-01-26T20:50:00Z
Add references for CVE-2017-2808/ledger

- - - - -
acb3af08 by Salvatore Bonaccorso at 2019-01-26T20:50:50Z
Add references for CVE-2017-2807

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -115878,12 +115878,16 @@ CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account
 	[jessie] - ledger <no-dsa> (Minor issue)
 	[wheezy] - ledger <no-dsa> (Minor issue)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
+	NOTE: https://github.com/ledger/ledger/issues/1723
+	NOTE: https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a
 CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
 	- ledger <unfixed> (low; bug #876660)
 	[stretch] - ledger <no-dsa> (Minor issue)
 	[jessie] - ledger <no-dsa> (Minor issue)
 	[wheezy] - ledger <no-dsa> (Minor issue)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
+	NOTE: https://github.com/ledger/ledger/issues/1722
+	NOTE: https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7
 CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
 	NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
 CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/54eae2de5befa0fd52e5ccac08f0641bd97ebc6f...acb3af08418561ee15b5c35cffe3fe384613f597

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/54eae2de5befa0fd52e5ccac08f0641bd97ebc6f...acb3af08418561ee15b5c35cffe3fe384613f597
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190126/67dcb45b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list