Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6958d3a by Salvatore Bonaccorso at 2018-06-23T11:35:24+02:00
faad2, ghostscript, file, blktrace fixes included in 8.11

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5150,7 +5150,7 @@ CVE-2018-10690
 CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux 
kernel ...)
        - blktrace 1.2.0-1 (low; bug #897695)
        [stretch] - blktrace <no-dsa> (Minor issue)
-       [jessie] - blktrace <no-dsa> (Minor issue)
+       [jessie] - blktrace 1.0.5-1+deb8u1
        [wheezy] - blktrace <no-dsa> (Minor issue)
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
        NOTE: https://www.spinics.net/lists/linux-btrace/msg00847.html
@@ -5979,7 +5979,7 @@ CVE-2018-10363 (An issue was discovered in the WpDevArt 
&quot;Booking calendar, 
 CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 
5.33 ...)
        - file 1:5.33-3 (bug #901351)
        [stretch] - file <no-dsa> (Minor issue; will be fixed via pu)
-       [jessie] - file <no-dsa> (Minor issue; will be fixed via pu)
+       [jessie] - file 1:5.22+15-2+deb8u4
        NOTE: 
https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
 CVE-2018-10359 (A pool corruption privilege escalation vulnerability in Trend 
Micro ...)
        NOT-FOR-US: Trend Micro
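Review bot: the [stretch] line for CVE-2018-10360 still reads "will be fixed via pu" while the [jessie] line now carries a fixed version (1:5.22+15-2+deb8u4). This commit only touches the oldstable point-update list, so it is worth confirming that the stretch upload is tracked in the stable counterpart of that list; otherwise the "will be fixed via pu" annotation has nothing backing it.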
@@ -6366,7 +6366,7 @@ CVE-2018-10194 (The set_text_distance function in 
devices/vector/gdevpdts.c in t
        {DLA-1363-1}
        - ghostscript 9.22~dfsg-2.1 (bug #896069)
        [stretch] - ghostscript <no-dsa> (Minor issue)
-       [jessie] - ghostscript <no-dsa> (Minor issue)
+       [jessie] - ghostscript 9.06~dfsg-2+deb8u7
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet 
public)
 CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null 
pointer ...)
@@ -58792,27 +58792,27 @@ CVE-2017-9257 (The mp4ff_read_ctts function in 
common/mp4ff/mp4atom.c in Freewar
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause 
the switch ...)
        - openvswitch 2.6.1+git20161123-1
        [jessie] - openvswitch <not-affected> (Vulnerable code using tot_len 
introduced later)
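Review bot: CVE-2017-9255 gets its [jessie] line set to faad2 2.7-8+deb8u1 here, but it is the only one of the faad2 CVEs touched by this commit that has no matching entry among the lines removed from data/next-oldstable-point-update.txt (that list goes from CVE-2017-9254 straight to CVE-2017-9256). Please confirm that 2.7-8+deb8u1 actually carries the mp4ff_read_stsc fix for this CVE, and say so in the commit message if the pending list was simply missing the entry.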
@@ -58935,32 +58935,32 @@ CVE-2017-9223 (The mp4ff_read_stts function in 
common/mp4ff/mp4atom.c in Freewar
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in 
Freeware ...)
        {DLA-1077-1}
        - faad2 2.8.1-1 (low; bug #867724)
        [stretch] - faad2 <no-dsa> (Minor issue)
-       [jessie] - faad2 <no-dsa> (Minor issue)
+       [jessie] - faad2 2.7-8+deb8u1
 CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a 
denial ...)
        [experimental] - systemd 233-8
        - systemd 232-24 (bug #863277)
@@ -64737,7 +64737,7 @@ CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 
10.x through 10.0.2, and 11.
 CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in 
Artifex ...)
        - ghostscript 9.22~dfsg-2.1 (bug #860869)
        [stretch] - ghostscript <no-dsa> (Minor issue)
-       [jessie] - ghostscript <no-dsa> (Minor issue)
+       [jessie] - ghostscript 9.06~dfsg-2+deb8u7
        [wheezy] - ghostscript <no-dsa> (Not directly reproducible, to 
re-evaluate once the upstream fix is known)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
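Review bot: the [wheezy] line for CVE-2016-10317 still says "to re-evaluate once the upstream fix is known", yet the NOTE lines directly below link a ghostpdl commit and [jessie] is now marked fixed in 9.06~dfsg-2+deb8u7. The wheezy annotation looks stale; either re-evaluate it in this change or leave a note explaining why it remains open.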


=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,33 +1,5 @@
-CVE-2017-9218
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9219
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9220
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9221
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9222
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9223
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9253
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9254
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9256
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2017-9257
-       [jessie] - faad2 2.7-8+deb8u1
-CVE-2018-10194
-       [jessie] - ghostscript 9.06~dfsg-2+deb8u7
-CVE-2016-10317
-       [jessie] - ghostscript 9.06~dfsg-2+deb8u7
-CVE-2018-10689
-       [jessie] - blktrace 1.0.5-1+deb8u1
 CVE-2017-5715
        [jessie] - intel-microcode 3.20180425.1~deb8u1
-CVE-2018-10360
-       [jessie] - file 1:5.22+15-2+deb8u4
 CVE-2017-9872
        [jessie] - lame 3.99.5+repack1-7+deb8u2
 CVE-2017-9871
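Review bot: the intel-microcode (CVE-2017-5715) and lame (CVE-2017-9872, CVE-2017-9871) entries stay in the pending list, while the commit message names only faad2, ghostscript, file and blktrace as included in 8.11. A short line in the message stating that these remaining entries are still pending would make it clear they were left on purpose rather than overlooked.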



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6958d3aabc7a70e6bcce6d8d946da2a6be0c1eb
