[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Re-add dhcpcd5 for jessie; code is likely vulnerable.

Chris Lamb lamby at debian.org
Sat May 4 23:48:14 BST 2019 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b81f13a5 by Chris Lamb at 2019-05-04T22:47:12Z
data/dla-needed.txt: Re-add dhcpcd5 for jessie; code is likely vulnerable.

This reverts commits 4f0556e33b6b351468a82b88194e47ffe05bf0bc
and b0c730aa1c8adf6395eea6ee09b8ee5da09ed6e3.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -443,12 +443,10 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna i
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
 	- dhcpcd5 <unfixed> (low; bug #928104)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
-	[jessie] - dhcpcd5 <not-affected> (Vulnerable code added later)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
 CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
 	- dhcpcd5 <unfixed> (low; bug #928056)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
-	[jessie] - dhcpcd5 <not-affected> (Vulnerable authentication code introduced later)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e


=====================================
data/dla-needed.txt
=====================================
@@ -19,6 +19,8 @@ bind9 (Thorsten Alteholz)
 claws-mail
   NOTE: 20190408: patch not yet available
 --
+dhcpcd5
+--
 drupal7 (Jonas Meurer)
 --
 evolution-ews



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b81f13a548e5b2898b8795a9c5df02b48a6bf381

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b81f13a548e5b2898b8795a9c5df02b48a6bf381
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190504/f0b67014/attachment.html>

More information about the debian-security-tracker-commits mailing list