[Git][security-tracker-team/security-tracker][master] Add fixed version for rsync (CVE-2016-984{0,1,2,3})
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 15 11:35:47 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
412efdb4 by Salvatore Bonaccorso at 2019-03-15T11:34:35Z
Add fixed version for rsync (CVE-2016-984{0,1,2,3})
zlib embbeded copy in rsync has been fixed in rsync/3.1.3-6 via
unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -122964,7 +122964,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
- zlib 1:1.2.8.dfsg-3 (bug #847275)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
- - rsync <unfixed> (bug #924509)
+ - rsync 3.1.3-6 (bug #924509)
[stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
@@ -122972,7 +122972,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow .
- zlib 1:1.2.8.dfsg-3 (bug #847274)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
- - rsync <unfixed> (bug #924509)
+ - rsync 3.1.3-6 (bug #924509)
[stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
@@ -122980,7 +122980,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers t
- zlib 1:1.2.8.dfsg-4 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
- - rsync <unfixed> (bug #924509)
+ - rsync 3.1.3-6 (bug #924509)
[stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
@@ -122988,7 +122988,7 @@ CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers
- zlib 1:1.2.8.dfsg-3 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
- - rsync <unfixed> (bug #924509)
+ - rsync 3.1.3-6 (bug #924509)
[stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/412efdb493e5eb447919334c3c39e3c53cb01957
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/412efdb493e5eb447919334c3c39e3c53cb01957
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190315/210110aa/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list