Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6c562acd by Salvatore Bonaccorso at 2018-04-19T07:08:55+02:00
Expand note for CVE-2018-7889
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5419,7 +5419,10 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre
3.18 calls cPickle.load
- calibre 3.19.0+dfsg-1 (bug #892242)
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
NOTE: deserialization fix
https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
- NOTE: insufficient as import also loads configuration files, which are
python executables, see https://lists.debian.org/[email protected]
+ NOTE: insufficient as import also loads configuration files, which are
python executables,
+ NOTE: see https://lists.debian.org/[email protected]
+ NOTE: The CVE assignment is specific to the issue fixed by upstream
commit
+ NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d.
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including
curl 7.58.0 ...)
{DSA-4136-1 DLA-1309-1}
- curl <unfixed> (bug #893546)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c562acd72b3bdffaacbeadd7a252094a48874f3
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c562acd72b3bdffaacbeadd7a252094a48874f3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
