[Git][security-tracker-team/security-tracker][master] discount: reference directly the reproducing file to better identify the CVEs

Sun, 27 May 2018 01:35:59 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a0ebb55 by Salvatore Bonaccorso at 2018-05-27T10:34:35+02:00
discount: reference directly the reproducing file to better identify the CVEs

Since the reporter did fill all the issues in one upstream issue
directly reference the pocs as well to make it clear which CVE is for
which issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,11 @@ CVE-2018-11505 (The Werewolf Online application 0.8.8 for 
Android allows attacke
 CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 
2.2.3a ...)
        - discount <unfixed>
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
+       NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
 CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in 
DISCOUNT ...)
        - discount <unfixed>
        NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
+       NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
 CVE-2018-11502
        RESERVED
 CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via ...)
@@ -80,6 +82,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests 
including an Authoriz
 CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in 
DISCOUNT ...)
        - discount <unfixed>
        NOTE: https://github.com/Orc/discount/issues/189
+       NOTE: POC: 
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
 CVE-2018-11467
        RESERVED
 CVE-2018-11466



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a0ebb5505b2a210b88a08d6f4c2634c17b0a1d5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a0ebb5505b2a210b88a08d6f4c2634c17b0a1d5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to