[Git][security-tracker-team/security-tracker][master] dhcpcd5 issues fixed in unstable (CVE-2019-1157{7,8,9} and CVE-2019-11766)

Tue, 07 May 2019 13:13:19 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
699d7330 by Salvatore Bonaccorso at 2019-05-07T20:11:44Z
dhcpcd5 issues fixed in unstable (CVE-2019-1157{7,8,9} and CVE-2019-11766)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,7 +93,7 @@ CVE-2019-11767 (Server side request forgery (SSRF) in phpBB 
before 3.2.6 allows
        [jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to 
disable the remote avatar function)
        NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
 CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a 
buffer over ...)
-       - dhcpcd5 <unfixed> (bug #928440)
+       - dhcpcd5 7.1.0-2 (bug #928440)
        NOTE: 
https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
        NOTE: 
https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
 CVE-2019-11765
@@ -536,16 +536,16 @@ CVE-2019-11591 (The WebDorado Contact Form plugin before 
1.13.5 for WordPress al
 CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows 
CSRF vi ...)
        NOT-FOR-US: WordPress plugin form-maker
 CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna 
in dhcp ...)
-       - dhcpcd5 <unfixed> (bug #928105)
+       - dhcpcd5 7.1.0-2 (bug #928105)
        [stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
        [jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
 CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow 
with DHO ...)
-       - dhcpcd5 <unfixed> (low; bug #928104)
+       - dhcpcd5 7.1.0-2 (low; bug #928104)
        [stretch] - dhcpcd5 <no-dsa> (Minor issue)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
 CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer 
secrets by pe ...)
-       - dhcpcd5 <unfixed> (low; bug #928056)
+       - dhcpcd5 7.1.0-2 (low; bug #928056)
        [stretch] - dhcpcd5 <no-dsa> (Minor issue)
        [jessie] - dhcpcd5 <not-affected> (Authentication code added in later 
versions)
        NOTE: 
https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/699d73301d326f66c37c17f44ce9011f75640dd0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/699d73301d326f66c37c17f44ce9011f75640dd0
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to