[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add note for CVE-2018-7054

Fri, 16 Feb 2018 07:55:10 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c8f5f80 by Salvatore Bonaccorso at 2018-02-16T16:53:03+01:00
Add note for CVE-2018-7054

- - - - -
6a16572c by Salvatore Bonaccorso at 2018-02-16T16:53:56+01:00
Reorder entries for one CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -269,10 +269,12 @@ CVE-2018-7054 (An issue was discovered in Irssi before 
1.0.7 and 1.1.x before 1.
        [jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 
1.0.0)
        [wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 
1.0.0)
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
-       NOTE: Some netsplit related changes as introduced in 1.0.0 were 
reverted:
+       NOTE: 
https://github.com/irssi/irssi/commit/e405330e04dc344797f00c12cf8fd7f63b17e0e4
+       NOTE: Some (additional) netsplit related changes as introduced in 1.0.0 
were reverted:
        NOTE: 
https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
        NOTE: 
https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
        NOTE: 
https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
+       NOTE: But the CVE is specifically for the use-after-free issue.
 CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
        - irssi <unfixed>
        NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
@@ -493,8 +495,8 @@ CVE-2018-6955
        RESERVED
 CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks 
present in ...)
        - systemd <unfixed>
-       NOTE: https://github.com/systemd/systemd/issues/7986
        [wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in 
Wheezy)
+       NOTE: https://github.com/systemd/systemd/issues/7986
 CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a 
certain ...)
        NOT-FOR-US: CCN-lite 2
 CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in 
GNU patch ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/359c3a7a65318331ec2507fb547651299ea207a7...6a16572c839bfd1381617ea8d7e4fe186fcbcf5e

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/359c3a7a65318331ec2507fb547651299ea207a7...6a16572c839bfd1381617ea8d7e4fe186fcbcf5e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to