Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37127a30 by Hugo Lefeuvre at 2018-11-19T16:52:40Z
data/CVE: update openjpeg2 cve notes
Reference my patches for CVE-2017-17480 and CVE-2018-18088.
CVE-2018-5785 is actually not affecting Jessie, support for this BMP
version was added later.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3436,6 +3436,7 @@ CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer
dereference for "red"
- openjpeg2 <unfixed> (low; bug #910763)
[stretch] - openjpeg2 <ignored> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1152
+ NOTE:
https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a
logged-in user ...)
NOT-FOR-US: Bixie Portfolio plugin for Pagekit
CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in
the ...)
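Review bot: The NOTE added under CVE-2018-18088 is a bare commit URL, and the entry still reads "openjpeg2 <unfixed>", so a reader cannot tell whether this commit is the upstream fix or a proposed patch. Suggest labelling the line with what the commit is and whether it has been merged upstream, so whoever triages bug #910763 knows if it can be backported as is.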
@@ -36539,8 +36540,11 @@ CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631,
there is an infinite loop an
NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an
...)
- openjpeg2 <unfixed> (low; bug #888533)
+ [jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/uclouvain/openjpeg/issues/1057
NOTE:
https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
+ NOTE: vulnerable code introduced in
+ NOTE:
https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8
CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption
in the ...)
{DLA-1411-1 DLA-1391-1}
- tiff 4.0.9-4 (bug #890441)
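Review bot: In the CVE-2018-5785 entry the sentence "NOTE: vulnerable code introduced in" ends without an object, and the commit it refers to sits in a separate NOTE below it, so anything that reads NOTE lines individually loses the link between the two. Suggest putting the statement and the 33a0e66e... URL in a single NOTE. The "[jessie] ... <not-affected> (Vulnerable code introduced later)" reason could also name the BMP version support mentioned in the commit message, so the not-affected claim can be rechecked against the jessie source.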
@@ -49040,6 +49044,7 @@ CVE-2017-17481
CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was
discovered in the ...)
- openjpeg2 <unfixed> (bug #884738)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
+ NOTE:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was
discovered in the ...)
- openjpeg2 <unfixed> (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
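Review bot: The commit NOTE is added only under CVE-2017-17480, while CVE-2017-17479 directly below points at the same upstream issue #1044 and gets no matching line. Suggest stating in the NOTE that the commit addresses CVE-2017-17480 only, or adding it to CVE-2017-17479 as well if it covers both, so the two entries do not appear to disagree about the same issue.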
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37127a302c05120b8e33f357835419f2263a7456
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits