Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4dab84c0 by Salvatore Bonaccorso at 2018-10-31T16:32:51Z
Make clear flif in experimental is unfixed as for now
The package is more or less dead upstream, and arguably it should be
removed from Debian maybe completely (even not in experimental).
Maintainer though explicitly wants it still in experimental. As such
make clear that all the issues are yet unfixed in the experimental
version. If the package will ever enter unstable again status needs to
be rechecked.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9706,6 +9706,7 @@ CVE-2018-14878 (JetBrains dotPeek before 2018.2 and
ReSharper Ultimate before 20
CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via
Site ...)
NOT-FOR-US: WeaselCMS
CVE-2018-14876 (An issue was discovered in image_save_png in
image/image-png.cpp in ...)
+ [experimental] - flif <unfixed>
- flif <removed>
NOTE: https://github.com/FLIF-hub/FLIF/issues/520
CVE-2018-14875
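Review bot: The CVE-2018-14876 entry carries no Debian bug reference on either the new `[experimental] - flif <unfixed>` line or the existing `- flif <removed>` line, whereas the other FLIF entries touched in this patch each cite one (for example `(bug #902196)`). Now that the entry records an open issue in experimental, consider filing a bug and adding the reference so the unfixed status has something to track against.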
@@ -16922,6 +16923,7 @@ CVE-2018-12111 (Cross-site scripting (XSS)
vulnerability in the Canon PrintMe EF
CVE-2018-12110 (portfolioCMS 1.0.5 has SQL Injection via the
admin/portfolio.php ...)
NOT-FOR-US: portfolioCMS
CVE-2018-12109 (An issue was discovered in Free Lossless Image Format (FLIF)
0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #902196)
NOTE: https://github.com/FLIF-hub/FLIF/issues/513
CVE-2018-12108 (An issue was discovered in Dropbox Lepton 1.2.1. The ...)
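Review bot: In the CVE-2018-12109 entry the `(bug #902196)` reference stays on the `- flif <removed>` line, while the added `[experimental] - flif <unfixed>` line, which is the one describing a still-affected version, has none. Consider carrying the bug reference on the `[experimental]` line as well, so that the open entry points at its bug.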
@@ -18533,6 +18535,7 @@ CVE-2018-11508 (The compat_get_timex function in
kernel/compat.c in the Linux ke
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
NOTE: Fixed by:
https://git.kernel.org/linus/0a0b98734479aa5b3c671d5190e86273372cab95
CVE-2018-11507 (An issue was discovered in Free Lossless Image Format (FLIF)
0.3. An ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #902188)
NOTE: https://github.com/FLIF-hub/FLIF/issues/509
CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the
Linux kernel ...)
@@ -19955,9 +19958,11 @@ CVE-2018-10974 (In 2345 Security Guard 3.7, the driver
file (2345BdPcSafe.sys, X
CVE-2018-10973 (An integer overflow in the transferMulti function of a smart
contract ...)
NOT-FOR-US: KoreaShow
CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF)
0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #898407)
NOTE: https://github.com/FLIF-hub/FLIF/issues/503
CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF)
0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #898406)
NOTE: https://github.com/FLIF-hub/FLIF/issues/501
CVE-2018-10970
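Review bot: The condition stated in the commit message, that the status must be rechecked if flif ever enters unstable again, is not recorded in the CVE-2018-10972 and CVE-2018-10971 entries, whose only NOTE lines are the upstream issue URLs. A short NOTE under each entry explaining why experimental is tracked as unfixed while unstable is `<removed>` would keep that reasoning visible in data/CVE/list rather than only in the commit history.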
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4dab84c0ad953e5674b1aae53864bf7482087c50