Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56fd2c00 by Thorsten Alteholz at 2018-09-27T19:57:56Z
add fix for mosquitto CVEs

- - - - -
754d827a by Thorsten Alteholz at 2018-09-27T19:58:50Z
Reserve DLA-1524-1 for libxml2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -76747,9 +76747,11 @@ CVE-2017-7655
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak 
vulnerability ...)
        - mosquitto <unfixed>
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
+       NOTE: 
https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
 CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not 
reject ...)
        - mosquitto <unfixed>
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
+       NOTE: 
https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
 CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set 
running ...)
        {DLA-1409-1 DLA-1334-1}
        - mosquitto 1.4.15-1
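
Review bot: the two added NOTE lines under CVE-2017-7654 and CVE-2017-7653 are bare commit URLs, so nothing distinguishes them from the bug-report NOTE directly above each one or says that they are the upstream fixes the commit message refers to. Label them, for example "NOTE: Fixed by: <commit URL>". Both entries also still read "- mosquitto <unfixed>", so if the upstream release carrying each commit is known, recording it here would make the next status update easier.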


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Sep 2018] DLA-1524-1 libxml2 - security update
+       {CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567}
+       [jessie] - libxml2 2.9.1+dfsg1-5+deb8u7
 [27 Sep 2018] DLA-1523-1 asterisk - security update
        {CVE-2018-17281}
        [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u6
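
Review bot: none of the four CVEs in the new DLA-1524-1 entry (CVE-2017-18258, CVE-2018-9251, CVE-2018-14404, CVE-2018-14567) appears in the data/CVE/list hunk of this push, which only touches the mosquitto entries. Confirm that the matching {DLA-1524-1} cross-references for jessie end up in data/CVE/list, so the per-CVE status agrees with the "[jessie] - libxml2 2.9.1+dfsg1-5+deb8u7" line added here.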


=====================================
data/dla-needed.txt
=====================================
@@ -45,10 +45,6 @@ libav (Hugo Lefeuvre)
 --
 libspring-java (Abhijith PA)
 --
-libxml2 (Thorsten Alteholz)
-  NOTE: 20180720: There are many open CVEs marked as <no-dsa> for jessie and 
stretch.
-  NOTE: 20180720: My  sense is that someone should go over them and fix those 
that are fixable.
---
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
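
Review bot: removing the libxml2 entry also deletes its two 20180720 NOTE lines, which say there are many open CVEs marked <no-dsa> for jessie and stretch, while DLA-1524-1 in this push lists four CVEs. If any of the CVEs that note refers to are still open after this upload, record that somewhere before dropping the entry so the follow-up is not lost with it.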



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/31fe34afa4f5f79defbce03564647540816d07c7...754d827a50894e92aa730e017d3daa0d61505ef2
