[Git][security-tracker-team/security-tracker][master] dhcpcd5 issues fixed in unstable (CVE-2019-1157{7,8,9} and CVE-2019-11766)

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
699d7330 by Salvatore Bonaccorso at 2019-05-07T20:11:44Z
dhcpcd5 issues fixed in unstable (CVE-2019-1157{7,8,9} and CVE-2019-11766)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,7 +93,7 @@ CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows
 	[jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function)
 	NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
 CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over ...)
-	- dhcpcd5 <unfixed> (bug #928440)
+	- dhcpcd5 7.1.0-2 (bug #928440)
 	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
 	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
 CVE-2019-11765
@@ -536,16 +536,16 @@ CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress al
 CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
 	NOT-FOR-US: WordPress plugin form-maker
 CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
-	- dhcpcd5 <unfixed> (bug #928105)
+	- dhcpcd5 7.1.0-2 (bug #928105)
 	[stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
-	- dhcpcd5 <unfixed> (low; bug #928104)
+	- dhcpcd5 7.1.0-2 (low; bug #928104)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
 CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
-	- dhcpcd5 <unfixed> (low; bug #928056)
+	- dhcpcd5 7.1.0-2 (low; bug #928056)
 	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
 	[jessie] - dhcpcd5 <not-affected> (Authentication code added in later versions)
 	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/699d73301d326f66c37c17f44ce9011f75640dd0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/699d73301d326f66c37c17f44ce9011f75640dd0
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190507/e6b7517a/attachment.html>