Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: bf89c92e by Thorsten Alteholz at 2020-03-24T19:37:06+01:00 CVE-2019-5188 will be fixed - - - - - 136ee505 by Thorsten Alteholz at 2020-03-24T19:59:27+01:00 claim e2fsprogs - - - - - f75f84c3 by Thorsten Alteholz at 2020-03-24T19:59:51+01:00 claim nss - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -67975,7 +67975,6 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing - e2fsprogs 1.45.5-1 (bug #948508) [buster] - e2fsprogs 1.44.5-1+deb10u3 [stretch] - e2fsprogs <no-dsa> (Minor issue) - [jessie] - e2fsprogs <no-dsa> (Minor issue; exploit would require providing malicious filesystem) NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973 ===================================== data/dla-needed.txt ===================================== @@ -15,6 +15,8 @@ ansible -- bluez (Emilio) -- +e2fsprogs (Thorsten Alteholz) +-- glibc (Mike Gabriel) -- libmatio (Adrian Bunk) @@ -52,6 +54,8 @@ nova (Thorsten Alteholz) NOTE: 20200309: work is ongoing NOTE: 20200322: taking care of other CVEs as well -- +nss (Thorsten Alteholz) +-- opendmarc (Thorsten Alteholz) NOTE: 20200322: still testing package, original patch does not seem to be enough, still ongoing -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7ea935bd1ae05139a6612c4a29761c23768deac7...f75f84c3ecd3a3b3dad376c4c60214662cf84741 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7ea935bd1ae05139a6612c4a29761c23768deac7...f75f84c3ecd3a3b3dad376c4c60214662cf84741 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits