[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for upcoming lrzip security update

Markus Koschany (@apo) apo at debian.org
Sun Aug 1 22:02:02 BST 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c9be145 by Markus Koschany at 2021-08-01T23:01:24+02:00
Remove no-dsa tags for upcoming lrzip security update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -202503,7 +202503,6 @@ CVE-2018-11497
 	RESERVED
 CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...)
 	- lrzip 0.631+git180528-1
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/96
 	NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd
@@ -204930,7 +204929,6 @@ CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There i
 	NOT-FOR-US: Vesta Control Panel
 CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
 	- lrzip 0.631+git180517-1 (low; bug #897645)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <ignored> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/95
@@ -218911,7 +218909,6 @@ CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CV
 	NOT-FOR-US: Commvault
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
 	- lrzip 0.631+git180517-1 (bug #888506)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/91
@@ -219087,7 +219084,6 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
 	- lrzip 0.631+git180517-1 (bug #898451)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/90
@@ -219442,7 +219438,6 @@ CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress
 	NOT-FOR-US: dark-mode plugin for WordPress
 CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
 	- lrzip 0.631+git180517-1 (bug #887065)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/88
@@ -255702,13 +255697,11 @@ CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 F
 	NOT-FOR-US: Green Packet
 CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
 	- lrzip 0.631+git180517-1 (bug #866020)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/75
 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
 	- lrzip 0.631+git180517-1 (bug #866022)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/74
@@ -260898,7 +260891,6 @@ CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so i
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
 	- lrzip 0.631+git180517-1 (bug #863150)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/71
@@ -260911,7 +260903,6 @@ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows  ...)
 	- lrzip 0.631+git180517-1 (bug #863153)
-	[stretch] - lrzip <no-dsa> (Minor issue)
 	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/70



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9be1454dfba3c5fc2960ffe7e420b902327273

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9be1454dfba3c5fc2960ffe7e420b902327273
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210801/91ae48c1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list