Mail archive
alpine-aports

[alpine-aports] [PATCH] Add missing vulnerabilities in 3.3

From: Ido Perlmuter <ido_at_ido50.net>
Date: Sun, 4 Mar 2018 17:53:35 +0200

The following vulnerabilities were fixed in the main 3.3 repository, but
were missing from the relevant yaml file:

 - CVE-2016-2147 and CVE-2016-2148 were fixed in busybox 1.24.2-r0
   (aports commit 1ac4d54468).

 - CVE-2016-0787 was fixed in libssh2 1.6.0-r1 (aports commit
   c922c86918).
---
 v3.3/main.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/v3.3/main.yaml b/v3.3/main.yaml
index eff8448..ba75383 100644
--- a/v3.3/main.yaml
+++ b/v3.3/main.yaml
_at_@ -64,6 +64,9 @@ packages:
           - CVE-2017-16544
         1.24.2-r1:
           - CVE-2016-6301
+        1.24.2-r0:
+          - CVE-2016-2147
+          - CVE-2016-2148
   - pkg:
       name: c-ares
       secfixes:
_at_@ -903,3 +906,8 @@ packages:
           - CVE-2016-9841
           - CVE-2016-9842
           - CVE-2016-9843
+  - pkg:
+      name: libssh2
+      secfixes:
+        1.6.0-r1:
+          - CVE-2016-0787
-- 
2.16.2
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Sun Mar 04 2018 - 17:53:35 GMT