[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Re-add dhcpcd5 for jessie; code is likely vulnerable.

Sat, 04 May 2019 15:48:46 -0700 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b81f13a5 by Chris Lamb at 2019-05-04T22:47:12Z
data/dla-needed.txt: Re-add dhcpcd5 for jessie; code is likely vulnerable.

This reverts commits 4f0556e33b6b351468a82b88194e47ffe05bf0bc
and b0c730aa1c8adf6395eea6ee09b8ee5da09ed6e3.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -443,12 +443,10 @@ CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer 
overflow in dhcp6_findna i
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow 
with DHO ...)
        - dhcpcd5 <unfixed> (low; bug #928104)
        [stretch] - dhcpcd5 <no-dsa> (Minor issue)
-       [jessie] - dhcpcd5 <not-affected> (Vulnerable code added later)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
 CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer 
secrets by pe ...)
        - dhcpcd5 <unfixed> (low; bug #928056)
        [stretch] - dhcpcd5 <no-dsa> (Minor issue)
-       [jessie] - dhcpcd5 <not-affected> (Vulnerable authentication code 
introduced later)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e


=====================================
data/dla-needed.txt
=====================================
@@ -19,6 +19,8 @@ bind9 (Thorsten Alteholz)
 claws-mail
   NOTE: 20190408: patch not yet available
 --
+dhcpcd5
+--
 drupal7 (Jonas Meurer)
 --
 evolution-ews



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b81f13a548e5b2898b8795a9c5df02b48a6bf381

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b81f13a548e5b2898b8795a9c5df02b48a6bf381
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to