[Git][security-tracker-team/security-tracker][master] triage CVE-2018-5710

Helmut Grohne (@helmutg) helmutg at debian.org
Thu Dec 8 10:09:22 GMT 2022



Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5886baca by Helmut Grohne at 2022-12-08T11:08:05+01:00
triage CVE-2018-5710

This is already marked as a duplicate. Clarify which ids are duplicated
and update the relevant DLAs.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -322988,15 +322988,15 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PH
 	NOTE: https://github.com/libgd/libgd/issues/420
 	NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
 CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
+	{DLA-2771-1 DLA-1643-1}
 	- krb5 1.16.1-1 (bug #889685)
-	[stretch] - krb5 <no-dsa> (Minor issue)
-	[jessie] - krb5 <no-dsa> (Minor issue)
 	[wheezy] - krb5 <not-affected> (all strlen() parameters are checked for NULL)
 	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
 	NOTE: The CVE is a duplicate of the #891869 issue(s) due to reporter not
 	NOTE: having coordinated with upstream and the CVE assignment ist sill for
 	NOTE: slight different coverage. Thus keep it distinct (for now) and mark
 	NOTE: CVE-2018-5710 issue as well as fixed once #891869 is adressed.
+	NOTE: The duplicated ids are CVE-2018-5729 and CVE-2018-5730.
 CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
 	- krb5 <unfixed> (unimportant; bug #889684)
 	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
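Review bot: the NOTE added at the end of the CVE-2018-5710 entry sits below older NOTE lines that still say to "keep it distinct (for now)" and to mark the issue fixed "once #891869 is adressed". With the {DLA-2771-1 DLA-1643-1} reference added and both <no-dsa> lines removed, those older lines now read as if the entry were still pending. Consider rewording them to reflect the current state in the same change, and fixing the typos "ist sill" and "adressed" while there.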


=====================================
data/DLA/list
=====================================
@@ -1384,7 +1384,7 @@
 	{CVE-2017-12678 CVE-2018-11439}
 	[stretch] - taglib 1.11.1+dfsg.1-0.3+deb9u1
 [30 Sep 2021] DLA-2771-1 krb5 - security update
-	{CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
+	{CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
 	[stretch] - krb5 1.15-1+deb9u3
 [30 Sep 2021] DLA-2770-1 weechat - security update
 	{CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
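Review bot: the CVE-2018-5710 id added to the DLA-2771-1 set has no rationale beside it. The only explanation is the NOTE in data/CVE/list that it duplicates CVE-2018-5729 and CVE-2018-5730, both already in this set, and the commit message says only "update the relevant DLAs". Since this line now asserts that krb5 1.15-1+deb9u3 addresses CVE-2018-5710 in stretch, it would help to state in the commit message that the id is added because the fixes for those two ids cover it. The same applies to the DLA-1643-1 change for jessie.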
@@ -4857,7 +4857,7 @@
 	{CVE-2018-19788 CVE-2019-6133}
 	[jessie] - policykit-1 0.105-15~deb8u4
 [25 Jan 2019] DLA-1643-1 krb5 - security update
-	{CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
+	{CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
 	[jessie] - krb5 1.12.1+dfsg-19+deb8u5
 [25 Jan 2019] DLA-1642-1 postgresql-9.4 - new upstream version
 	[jessie] - postgresql-9.4 9.4.20-0+deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5886baca27ccb9b824416c9cc1a4bdd55d24e2d1
