Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5fb8ad55 by Thorsten Alteholz at 2019-02-25T13:09:58Z
CVE-2018-18521 will be fixed in Jessie
- - - - -
4a5e6ec5 by Thorsten Alteholz at 2019-02-25T13:15:42Z
add link to fix for CVE-2018-18521
- - - - -
b6484183 by Thorsten Alteholz at 2019-02-25T13:16:22Z
CVE-2018-18520 will be fixed in Jessie
- - - - -
f75ca0d5 by Thorsten Alteholz at 2019-02-25T13:17:26Z
add link to fix for CVE-2018-18520
- - - - -
21a3682d by Thorsten Alteholz at 2019-02-25T13:19:20Z
CVE-2018-18310 will be fixed in Jessie
- - - - -
db989cb0 by Thorsten Alteholz at 2019-02-25T13:21:09Z
add link to fix for CVE-2018-18310
- - - - -
5277f382 by Thorsten Alteholz at 2019-02-25T13:24:00Z
CVE-2018-16062 will be fixed in Jessie
- - - - -
b4a42173 by Thorsten Alteholz at 2019-02-25T13:25:52Z
CVE-2017-7613 will be fixed in Jessie
- - - - -
bef3b577 by Thorsten Alteholz at 2019-02-25T13:28:49Z
add link to fix for CVE-2017-7613
- - - - -
13079fe5 by Thorsten Alteholz at 2019-02-25T13:32:34Z
jessie will be fixed, not wheezy
- - - - -
bb1f8a82 by Thorsten Alteholz at 2019-02-25T13:33:32Z
CVE-2017-7612 will be fixed in Jessie
- - - - -
ecdf90f0 by Thorsten Alteholz at 2019-02-25T13:35:35Z
add link to fix for CVE-2017-7612
- - - - -
17483842 by Thorsten Alteholz at 2019-02-25T13:36:11Z
CVE-2017-7611 will be fixed in Jessie
- - - - -
1ea7aa08 by Thorsten Alteholz at 2019-02-25T13:37:01Z
add link to fix for CVE-2017-7611
- - - - -
5941955d by Thorsten Alteholz at 2019-02-25T13:38:31Z
CVE-2017-7610 will be fixed in Jessie
- - - - -
6a900996 by Thorsten Alteholz at 2019-02-25T13:39:19Z
add link to fix for CVE-2017-7610
- - - - -
ac58483c by Thorsten Alteholz at 2019-02-25T13:41:19Z
CVE-2017-7608 will be fixed in Jessie
- - - - -
df095d34 by Thorsten Alteholz at 2019-02-25T13:41:50Z
add link to fix for CVE-2017-7608
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25563,15 +25563,15 @@ CVE-2018-18522
CVE-2018-18521 (Divide-by-zero vulnerabilities in the function
arlib_add_symbols() in ...)
- elfutils 0.175-1 (low; bug #911413)
[stretch] - elfutils <no-dsa> (Minor issue)
- [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function
elf_end in ...)
- elfutils 0.175-1 (low; bug #911414)
[stretch] - elfutils <no-dsa> (Minor issue)
- [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to
gain ...)
NOT-FOR-US: BestXsoftware Best Free Keylogger
CVE-2018-18518
@@ -26199,9 +26199,9 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before
5.28.1 has a buffer overflo
CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
- elfutils 0.175-1 (bug #911083)
[stretch] - elfutils <no-dsa> (Minor issue)
- [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD)
library ...)
[experimental] - binutils 2.31.51.20181022-1
- binutils <unfixed>
@@ -32081,7 +32081,6 @@ CVE-2018-16063
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils
before ...)
- elfutils 0.175-1 (bug #907562)
[stretch] - elfutils <no-dsa> (Minor issue)
- [jessie] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
CVE-2018-16061
@@ -106263,28 +106262,28 @@ CVE-2017-7614 (elflink.c in the Binary File
Descriptor (BFD) library (aka libbfd
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of
sections ...)
- elfutils 0.168-1 (bug #859990)
- [jessie] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168
allows ...)
- elfutils 0.168-1 (bug #859991)
- [jessie] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168
allows ...)
- elfutils 0.168-1 (bug #859992)
- [jessie] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows
remote ...)
- elfutils 0.168-1 (bug #859993)
- [jessie] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib
compression ...)
- elfutils 0.168-1 (bug #859994)
[jessie] - elfutils <not-affected> (Vulnerable code not present)
@@ -106293,10 +106292,10 @@ CVE-2017-7609 (elf_compress.c in elfutils 0.168
does not validate the zlib compr
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c
in ...)
- elfutils 0.168-1 (bug #859995)
- [jessie] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
+ NOTE:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168
allows ...)
- elfutils 0.168-1 (bug #859996)
[jessie] - elfutils <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/973369c55d4e3e5124e324bff1803aa315ad3c93...df095d34495796f8590e924dd988dcc3bf13aed7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/973369c55d4e3e5124e324bff1803aa315ad3c93...df095d34495796f8590e924dd988dcc3bf13aed7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
