[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist Wed, 19 Sep 2018 11:23:52 -0700

Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7f6079f9 by Ola Lundqvist at 2018-09-19T18:23:00Z
Triage results.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,11 +169,15 @@ CVE-2018-17102 (An issue was discovered in QuickAppsCMS 
(aka QACMS) through ...)
 CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two 
out-of-bounds ...)
        - tiff <unfixed> (bug #909037)
        - tiff3 <removed>
+       [stretch] - tiff <postponed> (Can be fixed along in future DSA)
+       [jessie] - tiff <postponed> (Can be fixed along in future DLA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
        NOTE: 
https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 
overflow in ...)
        - tiff <unfixed> (bug #909038)
        - tiff3 <removed>
+       [stretch] - tiff <postponed> (Can be fixed along in future DSA)
+       [jessie] - tiff <postponed> (Can be fixed along in future DLA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
        NOTE: 
https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
 CVE-2018-17099
@@ -199,6 +203,7 @@ CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error 
handlers for SAFER]
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
 CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library 
(aka ...)
        - audiofile <unfixed>
+       [jessie] - audiofile <postponed> (Can be fixed along in future DLA)
        NOTE: https://github.com/mpruett/audiofile/issues/50
        NOTE: https://github.com/mpruett/audiofile/issues/51
 CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a 
NULL ...)
@@ -406,6 +411,8 @@ CVE-2018-17001
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at 
tif_unix.c ...)
        - tiff <unfixed> (bug #908778)
        - tiff3 <removed>
+       [stretch] - tiff <postponed> (Can be fixed along in future DSA)
+       [jessie] - tiff <postponed> (Can be fixed along in future DLA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
 CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write 
...)
        - nasm <unfixed> (unimportant)
@@ -7075,6 +7082,7 @@ CVE-2018-14321
        RESERVED
 CVE-2018-14320 (This vulnerability allows remote attackers to disclose 
sensitive ...)
        - libpodofo <unfixed>
+       [jessie] - libpodofo <ignored> (Minor issue)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
 CVE-2018-14319
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f6079f9eaa4b5c6e230517272ed1096d61323ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f6079f9eaa4b5c6e230517272ed1096d61323ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Triage results.

Reply via email to