[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2017-7875 has been fixed

Thorsten Alteholz alteholz at debian.org
Sun May 24 18:42:43 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f996678 by Thorsten Alteholz at 2020-05-24T19:40:51+02:00
CVE-2017-7875 has been fixed

- - - - -
cd915f61 by Thorsten Alteholz at 2020-05-24T19:41:55+02:00
CVE-2016-6318 has been fixed for Jessie

- - - - -
1ca75595 by Thorsten Alteholz at 2020-05-24T19:42:31+02:00
Reserve DLA-2220-1 for cracklib2

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -173432,7 +173432,6 @@ CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ..
 CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
 	{DLA-899-1}
 	- feh 2.18-2 (low; bug #860367)
-	[jessie] - feh <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
 CVE-2017-7874
 	REJECTED
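
Review bot: The only line removed here is "[jessie] - feh <no-dsa> (Minor issue)", but the commit subject "CVE-2017-7875 has been fixed" does not name the release or the package. The next commit in this push does ("... has been fixed for Jessie"). Suggest the same form here, for example "CVE-2017-7875 has been fixed for Jessie (feh)", so the log can be searched by release.
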
@@ -206375,7 +206374,6 @@ CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_help
 CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in lib/fa ...)
 	{DLA-599-1}
 	- cracklib2 2.9.2-2 (bug #834502)
-	[jessie] - cracklib2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
 	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
 CVE-2016-6317 (Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly  ...)
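
Review bot: After "[jessie] - cracklib2 <no-dsa> (Minor issue)" is dropped, the entry's cross-reference line still reads "{DLA-599-1}" only, while data/DLA/list in this same push adds DLA-2220-1 for CVE-2016-6318. Nothing in this hunk ties the jessie fix to that new advisory. If the braces are maintained by hand, add DLA-2220-1 here; if they are regenerated, please confirm the regeneration runs before the data is published.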


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 May 2020] DLA-2220-1 cracklib2 - security update
+	{CVE-2016-6318}
+	[jessie] - cracklib2 2.9.2-1+deb8u1
 [24 May 2020] DLA-2219-1 feh - security update
 	{CVE-2017-7875}
 	[jessie] - feh 2.12-1+deb8u1
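
Review bot: The DLA-2220-1 entry arrives in 1ca75595, one commit after cd915f61 removed the jessie <no-dsa> line for CVE-2016-6318. At the intermediate revision the CVE entry therefore has no jessie status and no advisory recording "[jessie] - cracklib2 2.9.2-1+deb8u1". Suggest reserving the DLA first, or folding both changes into one commit, so every revision of the two files is consistent.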



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cfd45c1f6901ec74d662f4f549ff9b0655350e84...1ca755954dfa37f19d8976c14f29c0c5861dc4f7
