[Git][security-tracker-team/security-tracker][master] Update CVE-2018-2055{2,3}/tcpreplay after upstream feedback
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 15 07:05:41 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb4dc076 by Salvatore Bonaccorso at 2020-06-15T08:04:16+02:00
Update CVE-2018-2055{2,3}/tcpreplay after upstream feedback
The issues were fixed and got some additional hardening addressed in
4.4.3. For details please see https://bugs.debian.org/917574
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -82491,27 +82491,23 @@ CVE-2018-20555 (The Design Chemical Social Network Tabs plugin 1.7.1 for WordPre
CVE-2018-20554
RESERVED
CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len ...)
- - tcpreplay <unfixed> (low; bug #917574)
- [buster] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.3.1-1 (low; bug #917574)
[stretch] - tcpreplay <no-dsa> (Minor issue)
[jessie] - tcpreplay <no-dsa> (hard to exploit)
NOTE: https://github.com/appneta/tcpreplay/issues/530
NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
- NOTE: initial set of fixes were incorrect, see:
+ NOTE: initial set of fixes got additional hardening, see:
NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
- NOTE: and fixed later with
NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tre ...)
- - tcpreplay <unfixed> (low; bug #917574)
- [buster] - tcpreplay <no-dsa> (Minor issue)
+ - tcpreplay 4.3.1-1 (low; bug #917574)
[stretch] - tcpreplay <no-dsa> (Minor issue)
[jessie] - tcpreplay <no-dsa> (hard to exploit)
NOTE: https://github.com/appneta/tcpreplay/issues/530
NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
- NOTE: initial set of fixes were incorrect, see:
+ NOTE: initial set of fixes got additional hardening, see:
NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
- NOTE: and fixed later with
- NOTE: https://github.com/appneta/tcpreplay/pull/609
+ NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-1000893
RESERVED
CVE-2018-1000892
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb4dc0769d2632104365929b813eede1b696660c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb4dc0769d2632104365929b813eede1b696660c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200615/47875f4a/attachment.html>
More information about the debian-security-tracker-commits
mailing list