patch: Mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1



Dear colleagues,

Attached is a patch to mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1.

I also submitted a pull request https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/29 as I didn't know which method is preferred.

This is my first time interacting with the security-team/CVEs; please let me know if I'm not doing this correctly or could do it better.

Thanks!

--
Michael R. Crusoe
Co-founder & Lead, Common Workflow Language project
Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania
Debian Maintainer, Med team
commit 919071ec9c62f8a85f3f14ecdf3ba231aab0288f
Author: Michael R. Crusoe <michael.crusoe@gmail.com>
Date:   Sun Dec 9 11:10:02 2018 +0900

    Mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1

diff --git a/data/CVE/list b/data/CVE/list
index cf9f7231e5..ef9eb3d8f4 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19365,20 +19365,17 @@ CVE-2018-13847 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in ...
 CVE-2018-13846 (An issue has been found in Bento4 1.5.1-624. ...)
 	NOT-FOR-US: Bento4
 CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read in ...)
-	[experimental] - htslib 1.9-1
-	- htslib <unfixed> (low)
+	- htslib 1.9-1 (low)
 	[stretch] - htslib <no-dsa> (Minor issue)
 	[jessie] - htslib <no-dsa> (Minor issue)
 	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105
 CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...)
-	[experimental] - htslib 1.9-1
-	- htslib <unfixed> (low)
+	- htslib 1.9-1 (low)
 	[stretch] - htslib <no-dsa> (Minor issue)
 	[jessie] - htslib <no-dsa> (Minor issue)
 	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330
 CVE-2018-13843 (An issue has been found in HTSlib 1.8. It is a memory leak in ...)
-	[experimental] - htslib 1.9-1
-	- htslib <unfixed> (low)
+	- htslib 1.9-1 (low)
 	[stretch] - htslib <no-dsa> (Minor issue)
 	[jessie] - htslib <no-dsa> (Minor issue)
 	NOTE: https://github.com/samtools/htslib/issues/731#issue-339662537
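
Review bot: In all three entries (CVE-2018-13845, CVE-2018-13844, CVE-2018-13843) the "[experimental] - htslib 1.9-1" line is dropped and the same version is placed on the unannotated "- htslib" line, but neither the commit message nor the entries say that 1.9-1 has actually moved out of experimental. Please confirm the upload, or keep the "[experimental]" line together with "<unfixed>" until it has happened. The NOTE lines still point only at upstream issue comments; a NOTE naming the upstream fix commit for each CVE would make the "<no-dsa>" entries for stretch and jessie easier to reassess later.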
