Dear colleagues,

Attached is a patch to mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1.
I also submitted a pull request https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/29 as I didn't know which method is preferred.

This is my first time interacting with the security-team/CVEs; please let me know if I'm not doing this correctly or could do it better.

Thanks!

-- 
Michael R. Crusoe
Co-founder & Lead, Common Workflow Language project <http://www.commonwl.org/>
Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania
Debian Maintainer, Med team
https://orcid.org/0000-0002-2961-9670 <https://impactstory.org/u/0000-0002-2961-9670>
m...@commonwl.org
commit 919071ec9c62f8a85f3f14ecdf3ba231aab0288f Author: Michael R. Crusoe <michael.cru...@gmail.com> Date: Sun Dec 9 11:10:02 2018 +0900 Mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1 diff --git a/data/CVE/list b/data/CVE/list index cf9f7231e5..ef9eb3d8f4 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -19365,20 +19365,17 @@ CVE-2018-13847 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in ... CVE-2018-13846 (An issue has been found in Bento4 1.5.1-624. ...) NOT-FOR-US: Bento4 CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read in ...) - [experimental] - htslib 1.9-1 - - htslib <unfixed> (low) + - htslib 1.9-1 (low) [stretch] - htslib <no-dsa> (Minor issue) [jessie] - htslib <no-dsa> (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105 CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...) - [experimental] - htslib 1.9-1 - - htslib <unfixed> (low) + - htslib 1.9-1 (low) [stretch] - htslib <no-dsa> (Minor issue) [jessie] - htslib <no-dsa> (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330 CVE-2018-13843 (An issue has been found in HTSlib 1.8. It is a memory leak in ...) - [experimental] - htslib 1.9-1 - - htslib <unfixed> (low) + - htslib 1.9-1 (low) [stretch] - htslib <no-dsa> (Minor issue) [jessie] - htslib <no-dsa> (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issue-339662537
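Review bot: In all three entries (CVE-2018-13845, CVE-2018-13844, CVE-2018-13843) the "[experimental] - htslib 1.9-1" line is removed and the unsuffixed entry changes from "- htslib <unfixed> (low)" to "- htslib 1.9-1 (low)", but the commit message only says "Mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1" and does not say that 1.9-1 has moved from experimental to unstable. Please state that in the commit message so the removal of the experimental lines can be checked against the upload. The NOTE lines under each entry still point only at the upstream issue and its comments; consider adding a NOTE that identifies the upstream change fixing each issue, so the 1.9-1 fixed version can be verified from the tracker data alone. The [stretch] and [jessie] "<no-dsa> (Minor issue)" lines are correctly left untouched.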