Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 43a071b7 by Hugo Lefeuvre at 2019-01-22T07:29:39Z openjpeg2: mark CVE-2018-5727 <ignored> in jessie This is a small ubsan integer overflow check failure, not even a crash. It is very unclear whether there is a security impact at all (no buffer overflow or whatsoever appears to follow this integer overflow, so this might only be an issue with regard to output validity). - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -54047,6 +54047,7 @@ CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the ...) - openjpeg2 <unfixed> (low; bug #888532) + [jessie] - openjpeg2 <ignored> (Minor issue, security impact not clear) NOTE: https://github.com/uclouvain/openjpeg/issues/1053 CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain ...) NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices ===================================== data/dla-needed.txt ===================================== 
@@ -90,10 +90,6 @@ nss NOTE: 20181217: Contacted Mozilla security with a request for access to the BZ issue. (roberto) NOTE: 20190121: If you intend to take up this package, please email me and I will provide a detailed summary of what has been done so far. (roberto) -- -openjpeg2 - NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either. - NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle) --- openssh -- phpmyadmin (Lucas Kanashiro) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43a071b7bf5720248114b80b79ba553999728c6c
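Review bot: In the data/CVE/list hunk, the reason on the added `[jessie] - openjpeg2 <ignored> (Minor issue, security impact not clear)` line records the conclusion but not the evidence behind it. The commit message has that evidence (a ubsan integer overflow check failure, no crash, no buffer overflow seen to follow), and it is only reachable through the git log. Consider adding it as a NOTE line next to the existing `NOTE: https://github.com/uclouvain/openjpeg/issues/1053`, so that whoever revisits CVE-2018-5727 from the tracker data can see what the "not clear" assessment was based on.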
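Review bot: In the data/dla-needed.txt hunk, deleting the openjpeg2 entry also deletes the only record of the finding `might not be easy to patch`, which is not carried over to data/CVE/list in this commit. The removed note also left the choice open as `wait for upstream patch or no-dsa ?`, while the other hunk settles on `<ignored>`, and the commit message does not say why that state was picked over the two options the note listed. A short NOTE under CVE-2018-5727 in data/CVE/list preserving the patch-difficulty finding, plus one sentence in the commit message on the choice of state, would keep the decision traceable.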