[Git][security-tracker-team/security-tracker][master] Track fixes for zziplib via unstable for several issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ee9b6a0 by Salvatore Bonaccorso at 2019-03-12T06:47:20Z
Track fixes for zziplib via unstable for several issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32410,7 +32410,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...)
 	NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
-	- zziplib <unfixed> (low; bug #910335)
+	- zziplib 0.13.62-3.2 (low; bug #910335)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/58
@@ -55534,7 +55534,7 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory lea
 	NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
 	NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary packages.
 CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused ...)
-	- zziplib <unfixed> (low; bug #913165)
+	- zziplib 0.13.62-3.2 (low; bug #913165)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -55544,7 +55544,7 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error
 	NOTE: https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be (v0.13.69)
 	NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
 CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
-	- zziplib <unfixed> (low; bug #913165)
+	- zziplib 0.13.62-3.2 (low; bug #913165)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -58399,7 +58399,7 @@ CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.
 	NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
 	{DLA-1287-1}
-	- zziplib <unfixed> (bug #889089)
+	- zziplib 0.13.62-3.2 (bug #889089)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/22
@@ -59447,14 +59447,14 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
 	NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
 	NOTE: Negligible impact and unzzipcat utility not installed into binary packages
 CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
-	- zziplib <unfixed> (bug #889089)
+	- zziplib 0.13.62-3.2 (bug #889089)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/16
 	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
 CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
-	- zziplib <unfixed> (bug #923659)
+	- zziplib 0.13.62-3.2 (bug #923659)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
@@ -59714,7 +59714,7 @@ CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign i
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
 CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
-	- zziplib <unfixed> (bug #889089)
+	- zziplib 0.13.62-3.2 (bug #889089)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
@@ -59957,7 +59957,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
 	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
 	NOTE: https://mantisbt.org/bugs/view.php?id=23908
 CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid ...)
-	- zziplib <unfixed> (bug #889096)
+	- zziplib 0.13.62-3.2 (bug #889096)
 	[stretch] - zziplib <no-dsa> (Minor issue)
 	[jessie] - zziplib <no-dsa> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee9b6a0ea35120996f03053fd153ab7d75dc88e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee9b6a0ea35120996f03053fd153ab7d75dc88e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190312/27594f9a/attachment.html>