Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88a79ad6 by Markus Koschany at 2018-04-21T18:55:40+02:00
Mark gegl issues as no-dsa in Wheezy
Not reproducible with the provided POCs in Wheezy. Gegl might still be
vulnerable, at least the fix for CVE-2018-10114 can be applied in Wheezy too. I
don't think it is important enough to spend time on it but can always be
fixed if
more important issues arise.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -343,19 +343,23 @@ CVE-2018-10114 (An issue was discovered in GEGL through
0.3.32. The ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
NOTE:
https://git.gnome.org/browse/gegl/commit/?id=c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
NOTE: POC
https://github.com/xiaoqx/pocs/tree/master/gegl#1-gegl-outbound-write-1
+ [wheezy] - gegl <no-dsa> (Minor issue)
CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process
function in ...)
- gegl <unfixed> (low)
[stretch] - gegl <no-dsa> (Minor issue)
[jessie] - gegl <no-dsa> (Minor issue)
+ [wheezy] - gegl <no-dsa> (Minor issue)
NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#3-gegl-dos-2
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The ...)
- gegl <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
NOTE:
https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
+ [wheezy] - gegl <no-dsa> (Minor issue)
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The
render_rectangle ...)
- gegl <unfixed> (low)
[stretch] - gegl <no-dsa> (Minor issue)
[jessie] - gegl <no-dsa> (Minor issue)
+ [wheezy] - gegl <no-dsa> (Minor issue)
NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#2-gegl-dos-1
CVE-2018-10110 (D-Link DIR-615 T1 devices allow XSS via the Add User feature.
...)
NOT-FOR-US: D-Link
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/88a79ad6de9752d6b183e89d863a97372a6a45d5
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/88a79ad6de9752d6b183e89d863a97372a6a45d5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
