Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1068bfea by Salvatore Bonaccorso at 2019-01-10T22:25:21Z
Update information for CVE-2018-2036{3,4,5}/libraw
Issue was not completely fixed upstream with the
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
but left one still an issue with half_size=1. Adressed in a followup
commit
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
..
Update fixed version to 0.19.2-2 as it is the version containing the
full set of fixes with the same underlying issue over all three CVEs.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6410,19 +6410,22 @@ CVE-2018-20367 (The "mall some commodity details:
commodity consultation&qu
CVE-2018-20366
RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer
overflow. ...)
- - libraw 0.19.2-1 (bug #917111)
+ - libraw 0.19.2-2 (bug #917111)
NOTE: https://github.com/LibRaw/LibRaw/issues/195
- NOTE:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root
cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a
NULL ...)
- - libraw 0.19.2-1 (bug #917112)
+ - libraw 0.19.2-2 (bug #917112)
NOTE: https://github.com/LibRaw/LibRaw/issues/194
- NOTE:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root
cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a
NULL pointer ...)
- - libraw 0.19.2-1 (bug #917113)
+ - libraw 0.19.2-2 (bug #917113)
NOTE: https://github.com/LibRaw/LibRaw/issues/193
- NOTE:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+ NOTE: Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root
cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of
...)
- faad2 <unfixed> (low)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1068bfeabc02628b58a99c9d266e1c911753d2bd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1068bfeabc02628b58a99c9d266e1c911753d2bd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
