[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Sat Mar 30 23:34:58 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18ca403c by Moritz Muehlenhoff at 2019-03-30T23:34:33Z
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2732,6 +2732,7 @@ CVE-2019-9755 [heap buffer overflow]
 	NOTE: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
 CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
 	- tcc <unfixed> (low; bug #925127)
+	[buster] - tcc <no-dsa> (Minor issue)
 	[stretch] - tcc <no-dsa> (Minor issue)
 	[jessie] - tcc <no-dsa> (Minor issue)
 	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
@@ -44678,6 +44679,8 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L
 	- linux <unfixed>
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered  ...)
 	- linux <unfixed> (low)
+	[buster] - linux <ignored> (Minor issue)
+	[stretch] - linux <ignored> (Minor issue)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384
 	NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2
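Review bot: The two added `<ignored>` lines for CVE-2018-12928 give only "Minor issue" as the reason, and the `[jessie] - linux-4.9 <unfixed>` line directly below them is left without any triage state, so the entry now reads as ignored in buster and stretch but open in jessie. Since `<ignored>` signals that no fix is planned, a more specific reason would help later readers, in the style of the CVE-2013-7445 entry ("Minor issue, requires invasive changes"). The linux-4.9 line should either get a matching state or a note explaining why it differs.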
@@ -116378,8 +116381,8 @@ CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 a
 	- zziplib 0.13.62-3.1 (bug #854727)
 	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
 CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.6 ...)
-	- zziplib <unfixed> (bug #864150; bug #854727)
-	[stretch] - zziplib <ignored> (Minor issue)
+	{DSA-3878-1}
+	- zziplib 0.13.62-3.1 (bug #864150; bug #854727)
 	[jessie] - zziplib <ignored> (Minor issue)
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
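Review bot: The `[jessie] - zziplib <ignored> (Minor issue)` context line is left in place while the entry is now tagged `{DSA-3878-1}`, and the data/DSA/list hunk in this same commit records that DSA as fixing jessie in 0.13.62-3+deb8u1. If CVE-2017-5977 was covered by that upload, the jessie line should be dropped or replaced so the two files agree. If it was not, the DSA tag needs a NOTE explaining why jessie stays ignored.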
@@ -162254,6 +162257,7 @@ CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from un
 	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
 	NOTE: Patch is discussed in http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
 	NOTE: and http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
+	NOTE: https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba
 CVE-2015-8552 (The PCI backend driver in Xen, when running on an x86 system and using ...)
 	{DSA-3434-1}
 	[experimental] - linux 4.4~rc6-1~exp1
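Review bot: The added NOTE for CVE-2015-8553 is a bare commit URL with no indication of what the commit is, unlike the preceding notes, which say "Patch is discussed in ...". If this is the upstream fix, label it, for example `NOTE: Fixed by: https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba`, and check whether the package status lines for this CVE (not visible in this hunk) need a fixed version as a result.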
@@ -166280,6 +166284,7 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i
 	NOTE: http://xenbits.xen.org/xsa/advisory-145.html
 CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
 	- linux <unfixed>
+	[buster] - linux <ignored> (Minor issue, requires invasive changes)
 	[stretch] - linux <ignored> (Minor issue, requires invasive changes)
 	[jessie] - linux <ignored> (Minor issue, requires invasive changes)
 	[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)


=====================================
data/DSA/list
=====================================
@@ -1869,7 +1869,7 @@
 	{CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853}
 	[jessie] - libosip2 4.1.0-2+deb8u1
 [12 Jun 2017] DSA-3878-1 zziplib - security update
-	{CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981}
+	{CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981}
 	[jessie] - zziplib 0.13.62-3+deb8u1
 [10 Jun 2017] DSA-3877-1 tor - security update
 	{CVE-2017-0376}
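Review bot: Adding CVE-2017-5977 to the DSA-3878-1 CVE set is a retroactive correction to a 2017 advisory, not buster triage, and the commit subject "buster triage" gives no hint of it. Consider splitting it, together with the matching CVE-2017-5977 change in data/CVE/list, into its own commit with a subject that names the DSA, so the history shows why the advisory's CVE list changed.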



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18ca403c2a20a11c2ae0836e7fa7873b76ad1319
