[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2017-8845

Salvatore Bonaccorso Wed, 16 May 2018 13:26:02 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ece8bffa by Salvatore Bonaccorso at 2018-05-16T22:24:55+02:00
Reference fix for CVE-2017-8845

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -55690,6 +55690,7 @@ CVE-2017-8846 (The read_stream function in stream.c in 
liblrzip.so in lrzip 0.63
 CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as 
used in ...)
        - lrzip <unfixed> (unimportant; bug #863151)
        NOTE: https://github.com/ckolivas/lrzip/issues/68
+       NOTE: 
https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
        NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 
allows ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ece8bffa34541aafcb5290e90d0609f98770e138

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ece8bffa34541aafcb5290e90d0609f98770e138
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2017-8845

Reply via email to