[Git][security-tracker-team/security-tracker][master] 2 commits: fix missing only for Jessie, so this will be done now ...

Thorsten Alteholz alteholz at debian.org
Sun Apr 26 19:08:56 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04ef8910 by Thorsten Alteholz at 2020-04-26T20:08:13+02:00
fix missing only for Jessie, so this will be done now ...

- - - - -
f510036b by Thorsten Alteholz at 2020-04-26T20:08:43+02:00
Reserve DLA-2189-1 for rzip

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -168598,7 +168598,6 @@ CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows rem
 CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers  ...)
 	{DLA-955-1}
 	- rzip 2.1-4.1 (bug #861614)
-	[jessie] - rzip <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
 	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
 CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Apr 2020] DLA-2189-1 rzip - security update
+	{CVE-2017-8364}
+	[jessie] - rzip 2.1-2+deb8u1
 [26 Apr 2020] DLA-2188-1 php5 - security update
 	{CVE-2020-7064 CVE-2020-7066 CVE-2020-7067}
 	[jessie] - php5 5.6.40+dfsg-0+deb8u11



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70d5027d56470848e867a91669c1e76f4bca4ac7...f510036bb8254d643c39bf042e2472446da55ef3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70d5027d56470848e867a91669c1e76f4bca4ac7...f510036bb8254d643c39bf042e2472446da55ef3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200426/ce2ced34/attachment.html>


More information about the debian-security-tracker-commits mailing list