Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1c3111a by Ola Lundqvist at 2018-04-12T21:51:42+02:00
The CVE was marked as no-dsa for Debian Security and there is no reason to 
believe why wheezy should be treated differently. Therefore marking as ignored 
and removing the package from dla-needed.txt.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11364,6 +11364,7 @@ CVE-2018-5802 [Out-of-bounds read in 
kodak_radc_load_raw function internal/dcraw
        - libraw 0.18.7-1
        [stretch] - libraw <no-dsa> (Minor issue)
        [jessie] - libraw <no-dsa> (Minor issue)
+       [wheezy] - libraw <ignored> (Minor issue)
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function 
src/libraw_cxx.cpp]
@@ -11371,6 +11372,7 @@ CVE-2018-5801 [NULL pointer dereference in 
LibRaw::unpack function src/libraw_cx
        - libraw 0.18.7-1
        [stretch] - libraw <no-dsa> (Minor issue)
        [jessie] - libraw <no-dsa> (Minor issue)
+       [wheezy] - libraw <ignored> (Minor issue)
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw 
function in internal/dcraw_common.cpp]
@@ -11378,6 +11380,7 @@ CVE-2018-5800 [Heap-based buffer overflow in 
LibRaw::kodak_ycbcr_load_raw functi
        - libraw 0.18.7-1
        [stretch] - libraw <no-dsa> (Minor issue)
        [jessie] - libraw <no-dsa> (Minor issue)
+       [wheezy] - libraw <ignored> (Minor issue)
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 
and earlier, ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -58,9 +58,6 @@ libav (Hugo Lefeuvre)
 --
 libmad (Kurt Roeckx)
 --
-libraw
-  NOTE: Only a subset of functions are present in Wheezy.
---
 libvorbis
   NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback 
on this issue.
   NOTE: Fixes for other CVEs applied upstream and in sid.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c3111a3688480350fbe773e816be8ab5fe31cf

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1c3111a3688480350fbe773e816be8ab5fe31cf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to