[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream issue and commit reference for CVE-2018-11439

Salvatore Bonaccorso Sun, 15 Jul 2018 12:12:53 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4af2a3c2 by Salvatore Bonaccorso at 2018-07-15T21:12:14+02:00
Add upstream issue and commit reference for CVE-2018-11439

- - - - -
0ab40c69 by Salvatore Bonaccorso at 2018-07-15T21:12:15+02:00
Add reported bug reference for CVE-2018-11439

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6460,9 +6460,11 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer 
Overflow in the function
        NOTE: https://github.com/liblouis/liblouis/issues/575
        NOTE: 
https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
 CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp 
in ...)
-       - taglib <unfixed>
+       - taglib <unfixed> (bug #903847)
        NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
-       NOTE: https://github.com/taglib/taglib/pull/869
+       NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
+       NOTE: Pull request: https://github.com/taglib/taglib/pull/869
+       NOTE: Upstream fix: 
https://github.com/sgayou/taglib/commit/272648ccfcccae30e002ccf34a22e075dd477278
 CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 
0.3 ...)
        NOT-FOR-US: Libmobi
 CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in 
Libmobi 0.3 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd2639a6bb1da7e1261c7933e2981daf4850ce41...0ab40c69ed811bf06b866c4159de1b675cd6cf8f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd2639a6bb1da7e1261c7933e2981daf4850ce41...0ab40c69ed811bf06b866c4159de1b675cd6cf8f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream issue and commit reference for CVE-2018-11439

Reply via email to