[Git][security-tracker-team/security-tracker][master] 2 commits: several issues for zziplib have been fixed in Jessie
Thorsten Alteholz
alteholz at debian.org
Sun Jun 28 13:34:31 BST 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ffc07d14 by Thorsten Alteholz at 2020-06-28T14:33:29+02:00
several issues for zziplib have been fixed in Jessie
- - - - -
4850498f by Thorsten Alteholz at 2020-06-28T14:34:19+02:00
Reserve DLA-2258-1 for zziplib
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104210,7 +104210,6 @@ CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
- zziplib 0.13.62-3.2 (low; bug #910335)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/58
NOTE: https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb
NOTE: https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687
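Review bot: The jessie line removed for CVE-2018-16548 was <ignored>, a recorded decision not to fix, whereas the other hunks remove <no-dsa> lines. The commit message ("several issues for zziplib have been fixed in Jessie") does not say that this earlier triage was reversed. Suggest stating that in the commit message, or adding a NOTE that says which of the two upstream commits listed in this entry were backported to jessie, so the status change can be traced later.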
@@ -127579,7 +127578,6 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory lea
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error cause ...)
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/27
NOTE: https://github.com/gdraheim/zziplib/issues/41
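Review bot: The NOTE lines visible for CVE-2018-7726 point only at upstream issues #27 and #41, with no commit reference, unlike the CVE-2018-7725 entry in the next hunk. Now that jessie is recorded as fixed, add a NOTE with the upstream commit that was backported (if none follows outside the context shown here), so the jessie fix can be checked against upstream.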
@@ -127589,7 +127587,6 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/39
NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 (v0.13.69)
@@ -130446,7 +130443,6 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an
{DLA-1287-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / Dea ...)
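Review bot: The cross-reference line for CVE-2018-6869 still reads {DLA-1287-1} only, while the new DLA-2258-1 entry in data/DLA/list names this CVE. Unless the cross-references are regenerated in a separate step, add DLA-2258-1 to that line so the entry points at the advisory that fixes jessie.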
@@ -131492,14 +131488,12 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
- zziplib 0.13.62-3.2 (bug #923659)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/15
NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07 (v0.13.68)
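Review bot: CVE-2018-6542, shown in this hunk's header as another ZZIPlib 0.13.67 bus error, is not in the CVE list of DLA-2258-1, although its neighbours CVE-2018-6541 and CVE-2018-6540 are. Please confirm that its jessie status is intentionally left unchanged and is not an omission from the advisory. The same question applies to CVE-2018-7727, which appears in the header of the CVE-2018-7726 hunk.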
@@ -131759,7 +131753,6 @@ CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign i
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/14
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
@@ -132002,7 +131995,6 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/12
NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598 (v0.13.68)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2020] DLA-2258-1 zziplib - security update
+ {CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-16548}
+ [jessie] - zziplib 0.13.62-3+deb8u2
[28 Jun 2020] DLA-2257-1 pngquant - security update
{CVE-2016-5735}
[jessie] - pngquant 2.3.0-1+deb8u1
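Review bot: Judging by the two commit messages, the jessie status removals in data/CVE/list (ffc07d14) and this DLA-2258-1 reservation (4850498f) are separate commits, so at the first commit the eight CVEs have neither a jessie status nor an advisory carrying 0.13.62-3+deb8u2. Consider putting both changes in one commit so that every revision of the data is self-consistent. The eight IDs in the braces do match the eight jessie lines removed in data/CVE/list.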
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/485fb2ba1d2da486faa6163fdfe3202759822683...4850498f443aba89f6d6ace105fee72c75d6ecb3