Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43a071b7 by Hugo Lefeuvre at 2019-01-22T07:29:39Z
openjpeg2: mark CVE-2018-5727 <ignored> in jessie

This is a small ubsan integer overflow check failure, not even a crash. It
is very unclear whether there is a security impact at all (no buffer
overflow or whatsoever appears to follow this integer overflow, so this
might only be an issue with regard to output validity).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -54047,6 +54047,7 @@ CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices 
allow remote attackers to
        NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability 
in the ...)
        - openjpeg2 <unfixed> (low; bug #888532)
+       [jessie] - openjpeg2 <ignored> (Minor issue, security impact not clear)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1053
 CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to 
obtain ...)
        NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
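
Review bot: The justification on the added [jessie] line, "(Minor issue, security impact not clear)", is vaguer than the commit message, and it is the only rationale that stays visible in data/CVE/list. Consider stating the concrete finding there, for example that this is a UBSan integer overflow report with no crash and no buffer overflow seen to follow, or adding a NOTE line with that summary next to the existing upstream issue link, so that someone revisiting the <ignored> status for jessie can see what was checked.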


=====================================
data/dla-needed.txt
=====================================
@@ -90,10 +90,6 @@ nss
   NOTE: 20181217: Contacted Mozilla security with a request for access to the 
BZ issue. (roberto)
   NOTE: 20190121: If you intend to take up this package, please email me and I 
will provide a detailed summary of what has been done so far. (roberto)
 --
-openjpeg2
-  NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not 
sure it's worth it either.
-  NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
---
 openssh
 --
 phpmyadmin (Lucas Kanashiro)
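
Review bot: The two removed NOTE lines under openjpeg2 are the only record in this change that the issue was investigated and "might not be easy to patch", and that context is dropped rather than moved. Since the entry leaves dla-needed.txt because CVE-2018-5727 is now <ignored> in jessie, consider carrying that finding over as a NOTE under the CVE in data/CVE/list. The separator handling looks right: removing the trailing "--" with the entry leaves a single separator between nss and openssh.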



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43a071b7bf5720248114b80b79ba553999728c6c
