[Git][security-tracker-team/security-tracker][master] Reserve DLA-2802-1 for elfutils

Adrian Bunk (@bunk) bunk at debian.org
Sat Oct 30 22:13:07 BST 2021 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c62f7fcb by Adrian Bunk at 2021-10-31T00:12:40+03:00
Reserve DLA-2802-1 for elfutils

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -175186,7 +175186,6 @@ CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application
 CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
 	{DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #921880)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=de01cc6f9446187d69b9748bb3636361c79e77a4
@@ -176766,7 +176765,6 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFun
 CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...)
 	{DLA-1689-1}
 	- elfutils 0.176-1 (low; bug #920909)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
@@ -199112,14 +199110,12 @@ CVE-2018-18522
 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in  ...)
 	{DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911413)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...)
 	{DLA-1689-1}
 	- elfutils 0.175-1 (low; bug #911414)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
@@ -199764,7 +199760,6 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
 CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...)
 	{DLA-1689-1}
 	- elfutils 0.175-1 (bug #911083)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
@@ -204950,7 +204945,6 @@ CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list in
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
 CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a  ...)
 	- elfutils 0.175-1 (low)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	[jessie] - elfutils <not-affected> (vulnerable code introduced later)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa
@@ -205791,7 +205785,6 @@ CVE-2018-16063
 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...)
 	{DLA-1689-1}
 	- elfutils 0.175-1 (bug #907562)
-	[stretch] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
 CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Oct 2021] DLA-2802-1 elfutils - security update
+	{CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665}
+	[stretch] - elfutils 0.168-1+deb9u1
 [30 Oct 2021] DLA-2801-1 cron - security update
 	{CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706}
 	[stretch] - cron 3.0pl1-128+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -29,8 +29,6 @@ debian-archive-keyring
   NOTE: 20211018: Jonathan is prepping the branch; will work
   NOTE: 20211018: with him and upload and publish the DLA. (utkarsh)
 --
-elfutils (Adrian Bunk)
---
 exiv2 (Thorsten Alteholz)
   NOTE: 20211024: WIP, not yet finished
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c62f7fcbe83423afee5e68a3cc97cf0823b1cbad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c62f7fcbe83423afee5e68a3cc97cf0823b1cbad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211030/c7f76ff9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list