Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7c38d07 by Salvatore Bonaccorso at 2019-03-03T12:51:51Z
Add upstream tag information for various zziplib CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54935,21 +54935,21 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib
0.13.68. There is a memory lea
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/40
- NOTE:
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
+ NOTE:
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
(v0.13.69)
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus
error caused ...)
- zziplib <unfixed> (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/41
- NOTE:
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
+ NOTE:
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
(v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory
address ...)
- zziplib <unfixed> (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/39
- NOTE:
https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
+ NOTE:
https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
(v0.13.69)
CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the
name ...)
- piwigo <removed>
NOTE: https://github.com/Piwigo/Piwigo/issues/872
@@ -57802,7 +57802,7 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an
uncontrolled memory allocation an
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
- NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
(v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall
Slickdeals / ...)
NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone
Script
CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba
Clone ...)
@@ -58843,7 +58843,7 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer
overflow in the function
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
- zziplib <unfixed> (unimportant)
NOTE: https://github.com/gdraheim/zziplib/issues/17
- NOTE:
https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e
+ NOTE:
https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e
(v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary
packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- zziplib <unfixed> (bug #889089)
@@ -58851,14 +58851,14 @@ CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus
error caused by loading of a .
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
- NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
(v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- zziplib <unfixed> (bug #923659)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/15
- NOTE:
https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07
+ NOTE:
https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07
(v0.13.68)
CVE-2018-6539
RESERVED
CVE-2018-6538
@@ -59118,7 +59118,7 @@ CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory
alignment error and bus err
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/14
- NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
(v0.13.68)
CVE-2018-6483
RESERVED
CVE-2018-6482
@@ -59361,7 +59361,7 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a
segmentation fault caused by inval
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/12
- NOTE:
https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598
+ NOTE:
https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598
(v0.13.68)
CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes
leads ...)
NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri
class ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7c38d07bc6fba5f8620f2525ba593e49b04bd5f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7c38d07bc6fba5f8620f2525ba593e49b04bd5f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
