László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2e3816d3 by Laszlo Boszormenyi (GCS) at 2018-05-17T17:45:03+00:00 Add lrzip fixed version in unstable to relevant issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1214,7 +1214,7 @@ CVE-2018-10687 CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is ...) NOT-FOR-US: Vesta Control Panel CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...) - - lrzip <unfixed> (low; bug #897645) + - lrzip 0.631+git180517-1 (low; bug #897645) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <ignored> (Minor issue) @@ -5104,7 +5104,7 @@ CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code ... CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 ...) NOT-FOR-US: Easy File Sharing (EFS) CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...) - - lrzip <unfixed> (unimportant) + - lrzip 0.631+git180517-1 (unimportant) NOTE: https://github.com/ckolivas/lrzip/issues/93 NOTE: No security impact CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x ...) @@ -14584,7 +14584,7 @@ CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG CVE-2017-18044 (A Command Injection issue was discovered in ...) NOT-FOR-US: Commvault CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...) - - lrzip <unfixed> (bug #888506) + - lrzip 0.631+git180517-1 (bug #888506) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) @@ -14757,7 +14757,7 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...) - - lrzip <unfixed> (bug #898451) + - lrzip 0.631+git180517-1 (bug #898451) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) @@ -15067,7 +15067,7 @@ CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...) NOT-FOR-US: dark-mode plugin for WordPress CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...) - - lrzip <unfixed> (bug #887065) + - lrzip 0.631+git180517-1 (bug #887065) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) @@ -50589,13 +50589,13 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 ...) NOT-FOR-US: Green Packet CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function ...) - - lrzip <unfixed> (bug #866020) + - lrzip 0.631+git180517-1 (bug #866020) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/75 CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function ...) - - lrzip <unfixed> (bug #866022) + - lrzip 0.631+git180517-1 (bug #866022) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) @@ -55747,37 +55747,37 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...) NOT-FOR-US: Allen Disk CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) - - lrzip <unfixed> (unimportant; bug #863145) + - lrzip 0.631+git180517-1 (unimportant; bug #863145) NOTE: https://github.com/ckolivas/lrzip/issues/67 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/ NOTE: Crash in CLI tool, no security implications CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...) - - lrzip <unfixed> (bug #863150) + - lrzip 0.631+git180517-1 (bug #863150) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/71 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...) - - lrzip <unfixed> (unimportant; bug #863151) + - lrzip 0.631+git180517-1 (unimportant; bug #863151) NOTE: https://github.com/ckolivas/lrzip/issues/68 NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/ NOTE: Crash in CLI tool, no security implications CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...) - - lrzip <unfixed> (bug #863153) + - lrzip 0.631+git180517-1 (bug #863153) [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/70 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/ CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...) - - lrzip <unfixed> (unimportant; bug #863155) + - lrzip 0.631+git180517-1 (unimportant; bug #863155) NOTE: https://github.com/ckolivas/lrzip/issues/69 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/ NOTE: Crash in CLI tool, no security implications CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) - - lrzip <unfixed> (unimportant; bug #863156) + - lrzip 0.631+git180517-1 (unimportant; bug #863156) NOTE: https://github.com/ckolivas/lrzip/issues/66 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/ NOTE: Crash in CLI tool, no security implications View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e3816d39261a8121cba10ad6f86d12da065ac8c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e3816d39261a8121cba10ad6f86d12da065ac8c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits