Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e1a9b29 by Salvatore Bonaccorso at 2018-12-03T21:34:22Z
Several opencv issues fixed in experimental via new upstream version

Track fix in experimental. Might need a second review going over all the
known CVEs for src:opencv and double-check for correctness.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42034,12 +42034,14 @@ CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 
3.3.1.2183, the driver fil
        NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
        {DLA-1438-1 DLA-1354-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #886675)
        [stretch] - opencv <ignored> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/10540
        NOTE: 2.4 backport: 
https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
        {DLA-1438-1 DLA-1354-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #886674)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/10541
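Review bot: The fixed version added for CVE-2018-5269 and CVE-2018-5268 has no reference backing it in the visible entries. The NOTE lines point only at the upstream issue reports (10540 and 10541) and, for CVE-2018-5269, at a 2.4 backport patch. Please add a NOTE naming the upstream fixing commit or release for each entry, so that "[experimental] - opencv 3.4.4+dfsg-1~exp1" can be checked from the entry itself. The commit message already says a second review is needed.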
@@ -45715,6 +45717,7 @@ CVE-2017-1000451 (fs-git is a file system like api for 
git repository. The fs-gi
        NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions 
FillUniColor and ...)
        {DLA-1438-1 DLA-1235-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #886282)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9723
@@ -45809,6 +45812,7 @@ CVE-2017-18011 (The MyCBGenie Affiliate Ads for 
Clickbank Products plugin throug
 CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin 
before ...)
        NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for 
WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the 
function ...)
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed>
        [stretch] - opencv <not-affected> (Vulnerable code introduced later)
        [jessie] - opencv <not-affected> (Vulnerable code introduced later)
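Review bot: For CVE-2017-18009 the "- opencv <unfixed>" line carries no bug number and the visible entry has no NOTE, while stretch and jessie are both "<not-affected> (Vulnerable code introduced later)". With the affected range starting at some later version, the entry should record which upstream change introduced the code and which one fixed it before 3.4.4+dfsg-1~exp1 is listed as fixed. A NOTE with those references, plus a bug number for unstable if one exists, would make this entry verifiable.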
@@ -47232,6 +47236,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ...)
        NOTE: Crash in desktop tool, no/negligible security impact
 CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the 
cv::PxMDecoder::readData ...)
        {DLA-1438-1 DLA-1235-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #885843)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/10351
@@ -70418,16 +70423,19 @@ CVE-2017-12865 (Stack-based buffer overflow in 
&quot;dnsproxy.c&quot; in connman
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71
 (1.35)
 CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function 
ReadNumber did ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #875345)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9372
 CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #875344)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9371
 CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer 
...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #875342)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9370
@@ -71240,25 +71248,30 @@ CVE-2016-10404 (XSS exists in Liferay Portal before 
7.0 CE GA4 via a crafted red
        NOT-FOR-US: Liferay Portal
 CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an invalid ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
denial ...)
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872045)
        [stretch] - opencv <ignored> (Minor issue)
        [jessie] - opencv <ignored> (Minor issue)
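Review bot: CVE-2017-12606 through CVE-2017-12603 all share one bug (#872044) and one upstream issue (9309), and the same "[experimental] - opencv 3.4.4+dfsg-1~exp1" line is added to each of them in a single pass. Please confirm per CVE that 3.4.4 contains the corresponding fix rather than marking the batch on the strength of the shared issue, and record the fixing commit in a NOTE on each entry. CVE-2017-12602 differs from the others in this hunk (bug #872045, "<ignored>" in stretch and jessie), so it deserves its own check.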
@@ -71266,10 +71279,12 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has a d
        NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
buffer ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
denial ...)
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872045)
        [stretch] - opencv <ignored> (Minor issue)
        [jessie] - opencv <ignored> (Minor issue)
@@ -71277,16 +71292,19 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has a d
        NOTE: https://github.com/opencv/opencv/issues/9311
 CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872044)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
@@ -134516,6 +134534,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers 
to cause a denial of service
        NOTE: https://github.com/opencv/opencv/issues/5956
 CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to 
execute ...)
        {DLA-1438-1 DLA-1117-1}
+       [experimental] - opencv 3.4.4+dfsg-1~exp1
        - opencv <unfixed> (bug #872043)
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://arxiv.org/pdf/1701.04739.pdf
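Review bot: The only reference visible for CVE-2016-1516 is the arXiv paper in the NOTE line, with no upstream issue or commit, so the new "[experimental] - opencv 3.4.4+dfsg-1~exp1" line cannot be verified from the entry. The description is a double free said to allow attackers to "execute ...", which makes a wrong fixed-version marking costlier here than for the assertion-failure entries. Please add a NOTE with the upstream issue or fixing commit, as the neighbouring CVE-2016-1517 entry does with issue 5956.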



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e1a9b298731c45f998150536e8f72c6a0d78b21

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
