Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e11fc77 by Salvatore Bonaccorso at 2019-02-04T16:36:00Z
Mark CVE-2018-14048/libpng1.6 as unimportant
The reason for the unimportant severity is that the underlying issue is
actually in the use of the libpng library by the pnm2png tool, which is
not shipped in the binary packages produced.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32818,11 +32818,10 @@ CVE-2018-14050 (An issue has been found in libwav
through 2017-04-20. It is a SE
CVE-2018-14049 (An issue has been found in libwav through 2017-04-20. It is a
SEGV in ...)
NOT-FOR-US: libwav
CVE-2018-14048 (An issue has been found in libpng 1.6.34. It is a SEGV in the
function ...)
- - libpng1.6 <unfixed>
- [stretch] - libpng1.6 <no-dsa> (Minor issue)
- - libpng <removed>
- [jessie] - libpng <no-dsa> (Minor issue)
+ - libpng1.6 <unfixed> (unimportant)
+ - libpng <removed> (unimportant)
NOTE: https://github.com/glennrp/libpng/issues/238
+ NOTE: Issue in use of libpng in pnm2png not shipped in binary packages.
CVE-2018-14047 (** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It
is a SEGV ...)
- pngwriter <removed>
NOTE: https://github.com/pngwriter/pngwriter/issues/129
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e11fc77d45702c400a35263b023c65453f9b2ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e11fc77d45702c400a35263b023c65453f9b2ef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
