László Böszörményi pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2e3816d3 by Laszlo Boszormenyi (GCS) at 2018-05-17T17:45:03+00:00
Add lrzip fixed version in unstable to relevant issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1214,7 +1214,7 @@ CVE-2018-10687
CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There
is ...)
NOT-FOR-US: Vesta Control Panel
CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free
in the ...)
- - lrzip <unfixed> (low; bug #897645)
+ - lrzip 0.631+git180517-1 (low; bug #897645)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <ignored> (Minor issue)
@@ -5104,7 +5104,7 @@ CVE-2018-9060 (R 3.4.4 suffers from a local buffer
overflow that allows code ...
CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web
Server 7.2 ...)
NOT-FOR-US: Easy File Sharing (EFS)
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop
in the ...)
- - lrzip <unfixed> (unimportant)
+ - lrzip 0.631+git180517-1 (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/93
NOTE: No security impact
CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and
8.5.x ...)
@@ -14584,7 +14584,7 @@ CVE-2018-5787 (An issue was discovered in Extreme
Networks ExtremeWireless WiNG
CVE-2017-18044 (A Command Injection issue was discovered in ...)
NOT-FOR-US: Commvault
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop
and ...)
- - lrzip <unfixed> (bug #888506)
+ - lrzip 0.631+git180517-1 (bug #888506)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -14757,7 +14757,7 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows
attackers to cause a denial
NOTE:
https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
NOTE:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free
in the ...)
- - lrzip <unfixed> (bug #898451)
+ - lrzip 0.631+git180517-1 (bug #898451)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -15067,7 +15067,7 @@ CVE-2018-5652 (An issue was discovered in the dark-mode
plugin 1.6 for WordPress
CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for
WordPress. XSS ...)
NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop
and ...)
- - lrzip <unfixed> (bug #887065)
+ - lrzip 0.631+git180517-1 (bug #887065)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -50589,13 +50589,13 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in
Green Packet DX-350 Firmware
CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350
...)
NOT-FOR-US: Green Packet
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the
function ...)
- - lrzip <unfixed> (bug #866020)
+ - lrzip 0.631+git180517-1 (bug #866020)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/75
CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the
function ...)
- - lrzip <unfixed> (bug #866022)
+ - lrzip 0.631+git180517-1 (bug #866022)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
@@ -55747,37 +55747,37 @@ CVE-2017-8849 (smb4k before 2.0.1 allows local users
to gain root privileges by
CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of
changing a ...)
NOT-FOR-US: Allen Disk
CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so
in ...)
- - lrzip <unfixed> (unimportant; bug #863145)
+ - lrzip 0.631+git180517-1 (unimportant; bug #863145)
NOTE: https://github.com/ckolivas/lrzip/issues/67
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip
0.631 ...)
- - lrzip <unfixed> (bug #863150)
+ - lrzip 0.631+git180517-1 (bug #863150)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/71
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as
used in ...)
- - lrzip <unfixed> (unimportant; bug #863151)
+ - lrzip 0.631+git180517-1 (unimportant; bug #863151)
NOTE: https://github.com/ckolivas/lrzip/issues/68
NOTE:
https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631
allows ...)
- - lrzip <unfixed> (bug #863153)
+ - lrzip 0.631+git180517-1 (bug #863153)
[stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/70
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip
0.631 ...)
- - lrzip <unfixed> (unimportant; bug #863155)
+ - lrzip 0.631+git180517-1 (unimportant; bug #863155)
NOTE: https://github.com/ckolivas/lrzip/issues/69
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
NOTE: Crash in CLI tool, no security implications
CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so
in ...)
- - lrzip <unfixed> (unimportant; bug #863156)
+ - lrzip 0.631+git180517-1 (unimportant; bug #863156)
NOTE: https://github.com/ckolivas/lrzip/issues/66
NOTE:
https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
NOTE: Crash in CLI tool, no security implications
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e3816d39261a8121cba10ad6f86d12da065ac8c
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e3816d39261a8121cba10ad6f86d12da065ac8c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
