[Git][security-tracker-team/security-tracker][master] Update record for CVE-2018-16301

Salvatore Bonaccorso carnil at debian.org
Sun Oct 6 10:55:09 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b16c7fd by Salvatore Bonaccorso at 2019-10-06T09:53:38Z
Update record for CVE-2018-16301

According to the provided further description it is in the RPCAPD
daemon and as such can be marked unimportant as we do not build it into
the binary packages. The source then is introduced only in 1.9.0 and
thus does not affect buster and earlier, and upstream fixed it in the
1.9.1 version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57678,9 +57678,12 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
 CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
 	NOT-FOR-US: MediaComm Zip-n-Go
 CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer ov ...)
-	- libpcap <unfixed> (bug #941697)
-	TODO: check for fixing commit, is adressed in libpcap 1.9.1
+	- libpcap <unfixed> (bug #941697; unimportant)
+	[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
+	[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
+	[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
 	NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked upstream for info)
+	NOTE: rpcapd not built in Debian.
 CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
 	- tcpdump <unfixed> (bug #941698)
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
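Review bot: The CVE-2018-16301 entry no longer records where the fix lives. The removed TODO line was the only tracker note saying the issue is addressed in libpcap 1.9.1, and the remaining package line still reads `<unfixed>`. The commit message states that upstream fixed it in 1.9.1, so consider adding a NOTE with that fixed version (and the fixing commit once identified) next to "NOTE: rpcapd not built in Debian.", so the reasoning survives in data/CVE/list itself and not just in the commit log. The existing NOTE for issue 855 still says "(asked upstream for info)"; since the commit message says a further description was provided, that parenthetical could be updated to reflect the answer.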



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b16c7fdb083820ce9daaba4e8d732e97be4d383
