Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96b0b4d6 by Chris Lamb at 2018-10-20T01:54:38Z Triage CVE-2018-18520 (elfutils) in jessie LTS. - - - - - a8f3a38c by Chris Lamb at 2018-10-20T01:55:17Z Triage CVE-2018-18521 (elfutils) for jessie LTS. - - - - - 7cf9b14a by Chris Lamb at 2018-10-20T01:56:59Z data/dla-needed.txt: Triage imagemagick for jessie. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -15,11 +15,13 @@ CVE-2018-18522 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...) - elfutils <unfixed> (low; bug #911413) [stretch] - elfutils <no-dsa> (Minor issue) + [jessie] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...) - elfutils <unfixed> (low; bug #911414) [stretch] - elfutils <no-dsa> (Minor issue) + [jessie] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html CVE-2018-18519 ===================================== data/dla-needed.txt ===================================== @@ -35,6 +35,8 @@ ghostscript (Markus Koschany) gnutls28 (Antoine Beaupre) NOTE: 20180824: Upstream patch is quite invasive, adding new options etc. (Chris Lamb) -- +imagemagick +-- libav (Hugo Lefeuvre) NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop. NOTE: 20180118: It is unlikely that he will start again in the next weeks. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7dd531e9ccf4e1abaea32533cb7383117a05f027...7cf9b14a27733f996e0659a020e6b303865c90ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7dd531e9ccf4e1abaea32533cb7383117a05f027...7cf9b14a27733f996e0659a020e6b303865c90ed You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits