[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2019-11578 in dhcpcd5 for jessie LTS; vulnerable authentication code introduced later.

Chris Lamb lamby at debian.org
Thu May 2 11:18:08 BST 2019 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f0556e3 by Chris Lamb at 2019-05-02T10:13:30Z
Triage CVE-2019-11578 in dhcpcd5 for jessie LTS; vulnerable authentication code introduced later.

- - - - -
b0c730aa by Chris Lamb at 2019-05-02T10:17:14Z
Triage CVE-2019-11579 in dhcpcd5 for jessie LTS; vulnerable code added later.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -248,10 +248,12 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna i
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
 	- dhcpcd5 <unfixed> (low; bug #928104)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
+	[jessie] - dhcpcd5 <not-affected> (Vulnerable code added later)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
 CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
 	- dhcpcd5 <unfixed> (low; bug #928056)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
+	[jessie] - dhcpcd5 <not-affected> (Vulnerable authentication code introduced later)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/09b7fd3e44467549b61810106b53c1ce26da22e4...b0c730aa1c8adf6395eea6ee09b8ee5da09ed6e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/09b7fd3e44467549b61810106b53c1ce26da22e4...b0c730aa1c8adf6395eea6ee09b8ee5da09ed6e3
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190502/6ac0001d/attachment.html>

More information about the debian-security-tracker-commits mailing list