Helmut Grohne pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5886baca by Helmut Grohne at 2022-12-08T11:08:05+01:00
triage CVE-2018-5710

This is already marked as a duplicate. Clarify which ids are duplicated
and update the relevant DLAs.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -322988,15 +322988,15 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics 
Library (aka libgd), as used in PH
        NOTE: https://github.com/libgd/libgd/issues/420
        NOTE: 
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
 CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 
1.16. The ...)
+       {DLA-2771-1 DLA-1643-1}
        - krb5 1.16.1-1 (bug #889685)
-       [stretch] - krb5 <no-dsa> (Minor issue)
-       [jessie] - krb5 <no-dsa> (Minor issue)
        [wheezy] - krb5 <not-affected> (all strlen() parameters are checked for 
NULL)
        NOTE: 
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
        NOTE: The CVE is a duplicate of the #891869 issue(s) due to reporter not
        NOTE: having coordinated with upstream and the CVE assignment ist sill 
for
        NOTE: slight different coverage. Thus keep it distinct (for now) and 
mark
        NOTE: CVE-2018-5710 issue as well as fixed once #891869 is adressed.
+       NOTE: The duplicated ids are CVE-2018-5729 and CVE-2018-5730.
 CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 
1.16. The ...)
        - krb5 <unfixed> (unimportant; bug #889684)
        NOTE: 
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
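Review bot: In the CVE-2018-5710 entry, the unchanged NOTE lines still say to "keep it distinct (for now)" and to mark the issue fixed "once #891869 is adressed". That wording no longer matches an entry that now carries {DLA-2771-1 DLA-1643-1} and has lost its [stretch] and [jessie] <no-dsa> lines. Consider rewording those notes in the same commit, fixing "ist sill" and "adressed" while there, so the added "The duplicated ids are CVE-2018-5729 and CVE-2018-5730" line does not sit next to text that describes the fix as still to come.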


=====================================
data/DLA/list
=====================================
@@ -1384,7 +1384,7 @@
        {CVE-2017-12678 CVE-2018-11439}
        [stretch] - taglib 1.11.1+dfsg.1-0.3+deb9u1
 [30 Sep 2021] DLA-2771-1 krb5 - security update
-       {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
+       {CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 
CVE-2021-37750}
        [stretch] - krb5 1.15-1+deb9u3
 [30 Sep 2021] DLA-2770-1 weechat - security update
        {CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
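Review bot: Adding CVE-2018-5710 to the DLA-2771-1 id list rests only on the duplicate relationship. Neither the commit message nor the diff points to the changelog entry or patch in krb5 1.15-1+deb9u3 that covers it. A short reference in the commit message, or in a NOTE under CVE-2018-5710, would let a later reader verify that the stretch upload addresses this id and not only CVE-2018-5729 and CVE-2018-5730.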
@@ -4857,7 +4857,7 @@
        {CVE-2018-19788 CVE-2019-6133}
        [jessie] - policykit-1 0.105-15~deb8u4
 [25 Jan 2019] DLA-1643-1 krb5 - security update
-       {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
+       {CVE-2018-5710 CVE-2018-5729 CVE-2018-5730 CVE-2018-20217}
        [jessie] - krb5 1.12.1+dfsg-19+deb8u5
 [25 Jan 2019] DLA-1642-1 postgresql-9.4 - new upstream version
        [jessie] - postgresql-9.4 9.4.20-0+deb8u1
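Review bot: The DLA-1643-1 entry dated 25 Jan 2019 gains an id it did not list before this commit, while the [jessie] <no-dsa> (Minor issue) line is dropped from data/CVE/list in the same change, so the record now reads as jessie having been fixed in 1.12.1+dfsg-19+deb8u5. It would help to state in a NOTE that CVE-2018-5710 was associated with this DLA retroactively, so the tracker entry can be reconciled with the advisory as it was originally listed.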



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5886baca27ccb9b824416c9cc1a4bdd55d24e2d1

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
