Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c685187c by Chris Lamb at 2018-03-05T08:44:34+00:00
Triage CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7642,
CVE-2018-7643 (binutils) for wheezy, following stretch and jessie.
- - - - -
b3c58638 by Chris Lamb at 2018-03-05T08:46:10+00:00
Triage clamav for LTS
- - - - -
d11dceb9 by Chris Lamb at 2018-03-05T08:48:43+00:00
Triage mingw-w64 for LTS
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -64,12 +64,14 @@ CVE-2018-7643 (The display_debug_ranges function in dwarf.c
in GNU Binutils 2.30
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
+ [wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22905
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11ae95ea3403559f052903ab053f43ad7821e37
CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File
Descriptor ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
+ [wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer
over-read in ...)
@@ -261,18 +263,21 @@ CVE-2018-7570 (The
assign_file_positions_for_non_load_sections function in elf.c
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
+ [wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22881
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka
libbfd), as ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
+ [wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File
Descriptor (BFD) ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
+ [wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux
kernel ...)
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,6 +10,8 @@ this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+clamav
+--
dovecot (Thorsten Alteholz)
NOTE: after applying the patch, login segfaults
NOTE: maintainer and security team are looking into this
@@ -74,6 +76,8 @@ ming (Hugo Lefeuvre)
NOTE: 20180118: wip, currently working on it with upstream, might take a
while
NOTE: Some issues currently in upstream's bug tracker are missing a CVE
number, so number of issues might increase in the next weeks
--
+mingw-w64
+--
mupdf (Hugo Lefeuvre)
--
opencv (Thorsten Alteholz)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eca081c0373af7bb9852b2936dbefcceffde554...d11dceb9ec2cdee4af2e234c368717df5e7ea51e
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eca081c0373af7bb9852b2936dbefcceffde554...d11dceb9ec2cdee4af2e234c368717df5e7ea51e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
