Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d07d829f by Moritz Muehlenhoff at 2019-01-14T22:39:00Z
new r-cran-readxl issues
more retroactively assigned Chromium CVE IDs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6656,11 +6656,11 @@ CVE-2018-20454 (An issue was discovered in 74cms 
v4.2.111. ...)
 CVE-2018-20453 (The getlong function in numutils.c in libdoc through 
2017-10-23 has a ...)
        TODO: check, potentially affects src:catdoc
 CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an 
invalid ...)
-       TODO: check, potentially affects src:r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #919324)
 CVE-2018-20451 (The process_file function in reader.c in libdoc through 
2017-10-23 has ...)
        TODO: check, potentially affects src:catdoc
 CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double 
free that ...)
-       TODO: check, potentially affects src:r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #919324)
 CVE-2018-20449
        RESERVED
 CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the ...)
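
Review bot: The two new r-cran-readxl lines under CVE-2018-20452 and CVE-2018-20450 do not say why a package named r-cran-readxl is affected, although both descriptions name ole.c in libxls 1.4.0. A NOTE line under each entry stating where that code lives in the package would let a later reader verify the <unfixed> status without opening bug #919324. The neighbouring libdoc entries (CVE-2018-20453, CVE-2018-20451) still carry "TODO: check, potentially affects src:catdoc", so the triage of this block is only half done; worth saying so in the commit message if that is intentional.
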
@@ -9850,19 +9850,20 @@ CVE-2018-20073 [chromium stores download meta data in 
extended attributes]
 CVE-2018-20072
        RESERVED
 CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...)
-       TODO: check
+       - chromium-browser 70.0.3538.67-1
+       [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter 
in Google ...)
-       TODO: check
+       - chromium 71.0.3578.80-1
 CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in 
Navigation ...)
-       TODO: check
+       - chromium <not-affected> (Specific to iOS)
 CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google 
Chrome ...)
-       TODO: check
+       - chromium 71.0.3578.80-1
 CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed 
to cancel ...)
-       TODO: check
+       - chromium 71.0.3578.80-1
 CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome 
prior to ...)
-       TODO: check
+       - chromium 71.0.3578.80-1
 CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
-       TODO: check
+       - chromium 71.0.3578.80-1
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary 
files via ...)
        NOT-FOR-US: doorGets
 CVE-2018-20063
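
Review bot: The source package name is inconsistent across this block: CVE-2018-20071 is recorded against chromium-browser and gets a [jessie] <end-of-life> line, while CVE-2018-20070, -20068, -20067, -20066 and -20065 are recorded against chromium with no per-release line at all. The DSA-4352-1 entry touched in the same commit lists the stretch fix as "chromium-browser 71.0.3578.80-1~deb9u1", so please confirm that "- chromium 71.0.3578.80-1" is the intended source name for these five and that stretch and jessie status resolve correctly without explicit [stretch]/[jessie] lines. For CVE-2018-20069 the "(Specific to iOS)" reason is clear and matches its omission from the DSA list.
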


=====================================
data/DSA/list
=====================================
@@ -51,7 +51,7 @@
        {CVE-2018-14851 CVE-2018-14883 CVE-2018-17082 CVE-2018-19518 
CVE-2018-19935}
        [stretch] - php7.0 7.0.33-0+deb9u1
 [07 Dec 2018] DSA-4352-1 chromium-browser - security update
-       {CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 
CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 
CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 
CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 
CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20346}
+       {CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 
CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 
CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 
CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 
CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20346 CVE-2018-20070 
CVE-2018-20068 CVE-2018-20067 CVE-2018-20066 CVE-2018-20065}
        [stretch] - chromium-browser 71.0.3578.80-1~deb9u1
 [07 Dec 2018] DSA-4351-1 libphp-phpmailer - security update
        {CVE-2018-19296}
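
Review bot: The five IDs appended to the DSA-4352-1 set are in descending order (CVE-2018-20070, -20068, -20067, -20066, -20065) and come after CVE-2018-20346, whereas the existing run from CVE-2018-17480 to CVE-2018-18359 is ascending. If the tooling or reviewers rely on sorted sets, insert them in ascending order before CVE-2018-20346; if order is irrelevant here, no change is needed. The set correctly leaves out CVE-2018-20069, which data/CVE/list marks <not-affected>.
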
@@ -119,7 +119,7 @@
        {CVE-2018-16839 CVE-2018-16842}
        [stretch] - curl 7.52.1-5+deb9u8
 [02 Nov 2018] DSA-4330-1 chromium-browser - security update
-       {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 
CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 
CVE-2018-17475 CVE-2018-17476 CVE-2018-17477}
+       {CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 
CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 
CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-20071}
        [stretch] - chromium-browser 70.0.3538.67-1~deb9u1
 [28 Oct 2018] DSA-4329-1 teeworlds - security update
        {CVE-2018-18541}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d07d829f0feff4ded71b9be99ab445364c793670

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits