[Git][security-tracker-team/security-tracker][master] Add CVE-2018-12886/gcc

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
425e885c by Salvatore Bonaccorso at 2019-05-26T18:51:31Z
Add CVE-2018-12886/gcc

This defintively is not DSA material thus go and mark directly any
source affecting stable as ignored already as backporting the fix will
be quite intrusive.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49750,7 +49750,14 @@ CVE-2018-12888
 CVE-2018-12887
 	RESERVED
 CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...)
-	TODO: check
+	- gcc-snapshot <unfixed>
+	- gcc-8 <unfixed>
+	- gcc-7 <unfixed>
+	- gcc-6 <removed>
+	[stretch] - gcc-6 <ignored> (Too intrusive to backport)
+	- gcc-4.9 <removed>
+	- gcc-4.8 <removed>
+	NOTE: https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
 CVE-2018-12885 (The randMod() function of the smart contract implementation for MyCryp ...)
 	NOT-FOR-US: MyCryptoChamp
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/425e885c945d222ae1ad77f444ddbc88f53daed9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/425e885c945d222ae1ad77f444ddbc88f53daed9
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190526/bdb683a4/attachment-0001.html>