Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3fa81f7a by Markus Koschany at 2018-11-25T19:25:22Z
CVE-2017-8315,eclipse,apktool: Eclipse is not affected but apktool
Debian never shipped the eclipse-andmore plugin or related IDE specific code
for managing Android projects. However apktool until version 2.2.4 was
affected. That means the version in Stretch remains vulnerable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80420,8 +80420,13 @@ CVE-2017-8317
CVE-2017-8316 (IntelliJ IDEA XML parser was found vulnerable to XML External
Entity ...)
NOT-FOR-US: IntelliJ IDEA XML parser
CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and
earlier ...)
- - eclipse <undetermined>
+ - apktool 2.2.4-1
NOTE: Upstream bug with details is restricted
+ NOTE: According to Red Hat only eclipse-andmore was affected but it was
+ NOTE: never shipped with Debian. Apktool is affected though.
+ NOTE: Possible fixes:
https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c
+ NOTE:
https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed
+ NOTE:
https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063
CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi
17.1 ...)
{DLA-1243-1}
- kodi 2:17.1+dfsg1-3 (bug #863230)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fa81f7a9811e023ad7b0778b81eeaee481057e2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fa81f7a9811e023ad7b0778b81eeaee481057e2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
