diff options
| author | Adrian Bunk <bunk@debian.org> | 2021-10-30 23:14:30 +0300 |
|---|---|---|
| committer | Adrian Bunk <bunk@debian.org> | 2021-10-31 00:12:40 +0300 |
| commit | 9537aa2e52623fd4f5a0ccf7ee129d66a6342766 (patch) | |
| tree | 4085869fad89c98091847cbcfce0d775aae04546 /data | |
| parent | 2faf8f32936c48f555a7f5bfc7d2b03d819d5326 (diff) | |
Reserve DLA-2802-1 for elfutils
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/2018.list | 5 | ||||
| -rw-r--r-- | data/CVE/2019.list | 2 | ||||
| -rw-r--r-- | data/DLA/list | 3 | ||||
| -rw-r--r-- | data/dla-needed.txt | 2 |
4 files changed, 3 insertions, 9 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 7f37f2c9f4..e4e1a02c18 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -7669,14 +7669,12 @@ CVE-2018-18522 CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...) {DLA-1689-1} - elfutils 0.175-1 (low; bug #911413) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...) {DLA-1689-1} - elfutils 0.175-1 (low; bug #911414) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209 @@ -8321,7 +8319,6 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...) {DLA-1689-1} - elfutils 0.175-1 (bug #911083) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd @@ -13275,7 +13272,6 @@ CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list in NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a ...) - elfutils 0.175-1 (low) - [stretch] - elfutils <no-dsa> (Minor issue) [jessie] - elfutils <not-affected> (vulnerable code introduced later) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa @@ -14116,7 +14112,6 @@ CVE-2018-16063 CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...) {DLA-1689-1} - elfutils 0.175-1 (bug #907562) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index cd1c481401..3c9b2cbc2e 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -36303,7 +36303,6 @@ CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...) {DLA-1689-1} - elfutils 0.176-1 (low; bug #921880) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089 NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=de01cc6f9446187d69b9748bb3636361c79e77a4 @@ -37800,7 +37799,6 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFun CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...) {DLA-1689-1} - elfutils 0.176-1 (low; bug #920909) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103 NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 diff --git a/data/DLA/list b/data/DLA/list index b5b5dbcd52..a5363b4648 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Oct 2021] DLA-2802-1 elfutils - security update + {CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665} + [stretch] - elfutils 0.168-1+deb9u1 [30 Oct 2021] DLA-2801-1 cron - security update {CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706} [stretch] - cron 3.0pl1-128+deb9u2 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 075cdb5591..172924e32f 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -29,8 +29,6 @@ debian-archive-keyring NOTE: 20211018: Jonathan is prepping the branch; will work NOTE: 20211018: with him and upload and publish the DLA. (utkarsh) -- -elfutils (Adrian Bunk) --- exiv2 (Thorsten Alteholz) NOTE: 20211024: WIP, not yet finished -- |