Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ee9b6a0 by Salvatore Bonaccorso at 2019-03-12T06:47:20Z
Track fixes for zziplib via unstable for several issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32410,7 +32410,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows
remote attackers to bypass t
CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory
Traversal via ...)
NOT-FOR-US: HScripts PHP File Browser Script
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a
memory ...)
- - zziplib <unfixed> (low; bug #910335)
+ - zziplib 0.13.62-3.2 (low; bug #910335)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/58
@@ -55534,7 +55534,7 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib
0.13.68. There is a memory lea
NOTE:
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
(v0.13.69)
NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary
packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus
error caused ...)
- - zziplib <unfixed> (low; bug #913165)
+ - zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -55544,7 +55544,7 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib
0.13.68. There is a bus error
NOTE:
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
(v0.13.69)
NOTE:
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
(v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory
address ...)
- - zziplib <unfixed> (low; bug #913165)
+ - zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -58399,7 +58399,7 @@ CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall
Website Seller Script 2.
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation
and a ...)
{DLA-1287-1}
- - zziplib <unfixed> (bug #889089)
+ - zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
@@ -59447,14 +59447,14 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus
error (when handling a ...)
NOTE:
https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e
(v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary
packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- - zziplib <unfixed> (bug #889089)
+ - zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
(v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
...)
- - zziplib <unfixed> (bug #923659)
+ - zziplib 0.13.62-3.2 (bug #923659)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
@@ -59714,7 +59714,7 @@ CVE-2018-6485 (An integer overflow in the
implementation of the posix_memalign i
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
NOTE:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus
error in ...)
- - zziplib <unfixed> (bug #889089)
+ - zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
@@ -59957,7 +59957,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows
local users to conduct SQL
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by
invalid ...)
- - zziplib <unfixed> (bug #889096)
+ - zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee9b6a0ea35120996f03053fd153ab7d75dc88e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee9b6a0ea35120996f03053fd153ab7d75dc88e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
