[Git][security-tracker-team/security-tracker][master] lrzip: reference CVE-2017-884X unimportant issues fixed by DLA single patch

Sylvain Beucler (@beuc) beuc at debian.org
Thu Apr 7 17:22:12 BST 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c602bf6f by Sylvain Beucler at 2022-04-07T18:21:02+02:00
lrzip: reference CVE-2017-884X unimportant issues fixed by DLA single patch

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -309310,6 +309310,7 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by
 CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a pa ...)
 	NOT-FOR-US: Allen Disk
 CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (unimportant; bug #863145)
 	NOTE: https://github.com/ckolivas/lrzip/issues/67
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
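
Review bot: The {DLA-2725-1} tag added under CVE-2017-8847 comes with no reference to the fix. The visible NOTE lines for this entry give only the upstream issue and the blog post, whereas the CVE-2017-8843 and CVE-2017-8842 entries later in this patch each gain a NOTE with the upstream commit. Suggest adding a NOTE that names the commit or DLA patch addressing this issue, so a reader can verify why an entry marked unimportant is cross-referenced to the DLA.
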
@@ -309322,6 +309323,7 @@ CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.63
 	NOTE: https://github.com/ckolivas/lrzip/issues/71
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
 CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (unimportant; bug #863151)
 	NOTE: https://github.com/ckolivas/lrzip/issues/68
 	NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
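
Review bot: The commit NOTE on the last context line of the CVE-2017-8845 entry carries no release tag, while the commit NOTEs added elsewhere in this patch end in "(v0.640)". If the release containing that commit is known, append it in the same form so the fixed-in version can be read off every lrzip entry consistently.
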
@@ -309336,14 +309338,18 @@ CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 al
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
 	NOTE: https://github.com/ckolivas/lrzip/commit/dc57230636fe8da068674e1023b2f07c593ec21b (v0.640)
 CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (unimportant; bug #863155)
 	NOTE: https://github.com/ckolivas/lrzip/issues/69
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
+	NOTE: https://github.com/ckolivas/lrzip/commit/cd456aa70e1f9b6769454ab4f8198e1551c33c49 (v0.640)
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
+	{DLA-2725-1}
 	- lrzip 0.631+git180517-1 (unimportant; bug #863156)
 	NOTE: https://github.com/ckolivas/lrzip/issues/66
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
+	NOTE: https://github.com/ckolivas/lrzip/commit/38386bd482c0a8102a79958cb3eddcb97a167ca3 (v0.640)
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710,  ...)
 	NOT-FOR-US: Peplink Balance devices
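
Review bot: The two commit NOTEs added for CVE-2017-8843 and CVE-2017-8842 point at two different upstream commits, while the commit subject says the issues were fixed by a "DLA single patch". Suggest a short NOTE on each entry, or a line in the commit message, stating how the DLA patch relates to these upstream commits. Both entries keep "Crash in CLI tool, no security implications", so the reason for the DLA cross-reference is otherwise not recorded.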


=====================================
data/DLA/list
=====================================
@@ -753,7 +753,7 @@
 	{CVE-2020-13933 CVE-2020-17510}
 	[stretch] - shiro 1.3.2-1+deb9u2
 [01 Aug 2021] DLA-2725-1 lrzip - security update
-	{CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496}
+	{CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 CVE-2017-8847 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496}
 	[stretch] - lrzip 0.631-1+deb9u1
 [01 Aug 2021] DLA-2724-1 condor - security update
 	{CVE-2019-18823}
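
Review bot: The replaced CVE set on the DLA-2725-1 line adds CVE-2017-8842, CVE-2017-8843, CVE-2017-8845 and CVE-2017-8847, matching the four {DLA-2725-1} tags added in data/CVE/list, but the commit subject identifies them only as "CVE-2017-884X". That wildcard also covers CVE-2017-8841, CVE-2017-8848 and CVE-2017-8849, which the data/CVE/list context shows are not lrzip issues. Listing the four IDs in the commit message would make the change searchable by CVE ID.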



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c602bf6f01541e2b9b8997e4b7726cad0918c115
