[Git][security-tracker-team/security-tracker][master] Mark radare2 issues as no-dsa on jessie
Emilio Pozuelo Monfort
pochu at debian.org
Fri Feb 21 09:36:21 GMT 2020
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2b90edc by Emilio Pozuelo Monfort at 2020-02-21T10:35:10+01:00
Mark radare2 issues as no-dsa on jessie
radare2 has been removed from buster and stretch. We can't do the
same for jessie as there are no point releases there, but we can
mark it as unsupported there. See the thread starting at
https://lists.debian.org/debian-lts/2019/08/msg00038.html
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -16467,6 +16467,7 @@ CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3
NOTE: https://github.com/VirusTotal/yara/issues/1178
CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable in the ...)
- radare2 4.2.1+dfsg-1 (bug #947402)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radareorg/radare2/issues/15545
NOTE: https://github.com/radareorg/radare2/commit/07b5e062f2d4a00403ff031302cb18dfa58e3805 (4.1.0)
CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_ ...)
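Review bot: The reason on the added `[jessie] - radare2 <no-dsa> (Minor issue)` line for CVE-2019-19647 does not match the rationale in the commit message, which is that radare2 is being treated as unsupported on jessie because it cannot be removed there. Suggest wording the parenthetical to say that, and adding a NOTE with the debian-lts thread URL from the commit message, so a reader of data/CVE/list can see why the issue is left unfixed without having to find this commit.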
@@ -17672,6 +17673,7 @@ CVE-2019-19591
RESERVED
CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable ...)
- radare2 4.2.1+dfsg-1 (bug #947791)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radareorg/radare2/issues/15543
NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...)
@@ -35359,6 +35361,7 @@ CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injecti
NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
- radare2 3.9.0+dfsg-1 (bug #934204)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/pull/14690
NOTE: When fixing this ussue make sure to not only apply the initial commits but
NOTE: as well the followups to avoid opening CVE-2019-16718:
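Review bot: On the added jessie line for CVE-2019-14745, "Minor issue" sits oddly beside a description that reads "a command injection vulnerability exists", and the NOTE lines directly below tie this entry to CVE-2019-16718, which has no hunk in this diff. Please check that the CVE-2019-16718 entry carries a matching jessie annotation, and give the reason here as the package's support status rather than as a severity judgement.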
=====================================
data/dla-needed.txt
=====================================
@@ -63,14 +63,6 @@ qemu (Utkarsh Gupta)
--
qtbase-opensource-src (Mike Gabriel)
--
-radare2
- NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
- NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.
- NOTE: Also note that there is a r2-pwnDebian challenge...
- NOTE: https://bananamafia.dev/post/r2-pwndebian/ (apo)
- NOTE: Support status is being discussed at:
- NOTE: https://lists.debian.org/debian-lts/2019/08/msg00064.html
---
ruby-rack
NOTE: 20191219: The security update causes a regression and also, there's a
NOTE: slight possibility of this patch inducing a backdoor on its own. (utkarsh2102)
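Review bot: Removing the radare2 entry drops the triage notes that place the vulnerable code for CVE-2019-14745 in libr/core/bin.c, along with the link to the support-status discussion (2019/08/msg00064.html), which is a different message from the one cited in the commit message (2019/08/msg00038.html). Consider carrying the file location and the discussion link into NOTE lines on the CVE-2019-14745 entry in data/CVE/list so that information survives the removal.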
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d2b90edc5b8d01b78820f491dbd8e3d0cb737ce1