Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f213d3ef by Chris Lamb at 2018-02-19T10:51:25+00:00
Triage zziplib for LTS

- - - - -
617b31db by Chris Lamb at 2018-02-19T10:51:41+00:00
data/dla-needed.txt: Correct ordering.

- - - - -
a489c643 by Chris Lamb at 2018-02-19T10:51:42+00:00
Claim zziplib in data/dla-needed.txt

- - - - -
c69ee5d0 by Chris Lamb at 2018-02-19T10:51:43+00:00
Mark CVE-2018-7208 in binutils as no-dsa in wheezy.

- - - - -
9701f624 by Chris Lamb at 2018-02-19T10:51:43+00:00
Mark CVE-2017-18186, CVE-2017-18185, CVE-2017-18184, CVE-2017-18183 & 
CVE-2015-9252 for qpdf as no-dsa in wheezy.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34,6 +34,7 @@ CVE-2018-7208 (In the coff_pointerize_aux function in 
coffgen.c in the Binary Fi
        - binutils <unfixed>
        [stretch] - binutils <ignored> (Minor issue)
        [jessie] - binutils <ignored> (Minor issue)
+       [wheezy] - binutils <ignored> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
 CVE-2018-7207 (National Payments Corporation of India (NPCI) Bharat Interface 
for ...)
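Review bot: The added `[wheezy] - binutils <ignored> (Minor issue)` line records the state as `<ignored>`, while the commit subject for this change says "no-dsa". The line matches the stretch and jessie entries directly above it, so the data looks intended; the commit message should name the state actually written, so that a later search of the log for `<ignored>` decisions finds this one.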
@@ -689,24 +690,28 @@ CVE-2017-18186 (An issue was discovered in QPDF before 
7.0.0. There is an infini
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
+       [wheezy] - qpdf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937
        NOTE: https://github.com/qpdf/qpdf/issues/149
 CVE-2017-18185 (An issue was discovered in QPDF before 7.0.0. There is a large 
...)
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
+       [wheezy] - qpdf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71
        NOTE: https://github.com/qpdf/qpdf/issues/150
 CVE-2017-18184 (An issue was discovered in QPDF before 7.0.0. There is a 
stack-based ...)
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
+       [wheezy] - qpdf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317
        NOTE: https://github.com/qpdf/qpdf/issues/147
 CVE-2017-18183 (An issue was discovered in QPDF before 7.0.0. There is an 
infinite loop ...)
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
+       [wheezy] - qpdf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481
        NOTE: https://github.com/qpdf/qpdf/issues/143
 CVE-2017-18182
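Review bot: All four added `[wheezy] - qpdf <no-dsa> (Minor issue)` lines reuse the stretch/jessie rationale verbatim, including under CVE-2017-18184, whose description begins "There is a stack-based ..." and so differs from the infinite-loop description of CVE-2017-18183. Consider a NOTE under that entry stating why it is minor for wheezy, or that the linked upstream commit was checked against the wheezy source, so the decision can be audited later without re-reading the upstream issues.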
@@ -723,6 +728,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 
7.0.0. Endless recursion c
        - qpdf 7.0.0-1
        [stretch] - qpdf <no-dsa> (Minor issue)
        [jessie] - qpdf <no-dsa> (Minor issue)
+       [wheezy] - qpdf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
        NOTE: https://github.com/qpdf/qpdf/issues/51
 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux 
kernel before ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -42,16 +42,16 @@ lame (Hugo Lefeuvre)
   NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and 
submitted a patch draft for Jessie.
   NOTE: I'll test it, submit the update for Jessie and backport the result to 
Wheezy on time.
 --
+leptonlib
+  NOTE: #885704 fix is incomplete and may require a CVE
+  NOTE: see also 
https://lists.debian.org/1518730488.2617.129.ca...@decadent.org.uk
+--
 libav (Hugo Lefeuvre)
   NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, 
but encountered personal issues and had to stop.
   NOTE: It is unlikely that he will start again in the next weeks.
   NOTE: I am currently working on CVE triage but I will not be able to process 
the whole backlog until May.
   NOTE: Help is welcome, feel free to mail Hugo.
 --
-leptonlib
-  NOTE: #885704 fix is incomplete and may require a CVE
-  NOTE: see also 
https://lists.debian.org/1518730488.2617.129.ca...@decadent.org.uk
---
 libgcrypt11
 --
 libmad (Kurt Roeckx)
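Review bot: Style point on the moved leptonlib block: its NOTE lines carry no date prefix, unlike the neighbouring lame and libav notes (`NOTE: 20180125: ...`, `NOTE: 20180118: ...`). The entry is unclaimed and says the #885704 fix is incomplete and may require a CVE, so adding the date while the block is being touched would show how long it has been open. The move itself changes no content.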
@@ -86,3 +86,6 @@ suricata (Santiago R.R.)
 --
 wordpress
   NOTE: 20180217: Upstream unsure how to fix at the moment (lamby)
+--
+zziplib (Chris Lamb)
+--
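Review bot: The new `zziplib (Chris Lamb)` entry is claimed but carries no NOTE, so nothing in the file says which issues prompted the triage. A dated one-line NOTE in the style of the wordpress entry above (`NOTE: 20180217: ...`) would let other LTS contributors see the scope of the claim without looking it up elsewhere.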



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/486bb3ecb08903cf5488a82359d8e57d99ce085b...9701f624773c56bbe0580beeeeef2d524b2093b6
