Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04ef8910 by Thorsten Alteholz at 2020-04-26T20:08:13+02:00
fix missing only for Jessie, so this will be done now ...
- - - - -
f510036b by Thorsten Alteholz at 2020-04-26T20:08:43+02:00
Reserve DLA-2189-1 for rzip
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -168598,7 +168598,6 @@ CVE-2017-8365 (The i2les_array function in pcm.c in
libsndfile 1.0.28 allows rem
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote
attackers ...)
{DLA-955-1}
- rzip 2.1-4.1 (bug #861614)
- [jessie] - rzip <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
NOTE: Patch in
http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28
allows re ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Apr 2020] DLA-2189-1 rzip - security update
+ {CVE-2017-8364}
+ [jessie] - rzip 2.1-2+deb8u1
[26 Apr 2020] DLA-2188-1 php5 - security update
{CVE-2020-7064 CVE-2020-7066 CVE-2020-7067}
[jessie] - php5 5.6.40+dfsg-0+deb8u11
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70d5027d56470848e867a91669c1e76f4bca4ac7...f510036bb8254d643c39bf042e2472446da55ef3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70d5027d56470848e867a91669c1e76f4bca4ac7...f510036bb8254d643c39bf042e2472446da55ef3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
