Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0efc30d2 by Moritz Muehlenhoff at 2019-03-18T22:11:15Z
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1557,6 +1557,7 @@ CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in 
pngex.cc in advpng has an int
        NOTE: Fixed by 
https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
 CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted 
excessi ...)
        - libpodofo <unfixed> (low; bug #923415)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/34/
@@ -3641,10 +3642,9 @@ CVE-2019-8345 (The Help feature in the ES File Explorer 
File Manager application
 CVE-2019-8344
        RESERVED
 CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free 
in past ...)
-       - nasm <unfixed> (bug #922433)
-       [stretch] - nasm <no-dsa> (Minor issue)
-       [jessie] - nasm <no-dsa> (Minor issue)
+       - nasm <unfixed> (unimportant; bug #922433)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
+       NOTE: Crash in CLI tool, no security impact
 CVE-2019-8342
        RESERVED
 CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string 
function is pr ...)
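Review bot: the new NOTE for CVE-2019-8343 calls the issue a crash, but the CVE text in the context line describes a use-after-free; a UAF on attacker-supplied input is normally carried as "low" with per-suite <no-dsa> lines in this file (compare the liblas and libpodofo entries touched in this same commit), so if the reason for "unimportant" is that nasm only ever assembles developer-controlled source, the NOTE should state that rationale rather than just "crash in CLI tool". Dropping the [stretch]/[jessie] <no-dsa> lines is consistent with "unimportant" applying archive-wide, so no objection there.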
@@ -15319,10 +15319,9 @@ CVE-2018-20539 (There is a Segmentation fault 
triggered by illegal address acces
        [jessie] - liblas <no-dsa> (Minor issue)
        NOTE: https://github.com/libLAS/libLAS/issues/159
 CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function 
pp_getline) in Ne ...)
-       - nasm <unfixed> (bug #918269)
-       [stretch] - nasm <no-dsa> (Minor issue)
-       [jessie] - nasm <no-dsa> (Minor issue)
+       - nasm <unfixed> (unimportant; bug #918269)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-20537 (There is a NULL pointer dereference at 
liblas::SpatialReference::GetGT ...)
        - liblas <unfixed> (low; bug #924614)
        [buster] - liblas <no-dsa> (Minor issue)
@@ -15336,10 +15335,9 @@ CVE-2018-20536 (There is a heap-based buffer over-read 
at liblas::SpatialReferen
        [jessie] - liblas <no-dsa> (Minor issue)
        NOTE: https://github.com/libLAS/libLAS/issues/161
 CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function 
pp_getline) in Ne ...)
-       - nasm <unfixed> (bug #918270)
-       [stretch] - nasm <no-dsa> (Minor issue)
-       [jessie] - nasm <no-dsa> (Minor issue)
+       - nasm <unfixed> (unimportant; bug #918270)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-20534 (There is an illegal address access at src/pool.h (function 
pool_whatpr ...)
        - libsolv <unfixed> (low; bug #923002)
        [stretch] - libsolv <ignored> (Minor issue)
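Review bot: CVE-2018-20535 and CVE-2018-20538 (two hunks above) have identical descriptions, "use-after-free at asm/preproc.c (function pp_getline)", and point at adjacent upstream bugs 3392530 and 3392531; before both are closed as "unimportant" it is worth a NOTE saying whether they are one bug filed twice or two distinct call paths, since the tracker currently gives a reader no way to tell them apart.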
@@ -19964,10 +19962,9 @@ CVE-2018-20007
 CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored 
XSS vulne ...)
        NOT-FOR-US: PHPok
 CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a 
use-after ...)
-       - mxml <unfixed> (low)
-       [stretch] - mxml <no-dsa> (Minor issue)
-       [jessie] - mxml <ignored> (Minor issue)
+       - mxml <unfixed> (unimportant)
        NOTE: https://github.com/michaelrsweet/mxml/issues/234
+       NOTE: Crash in mxmldoc CLI tool, no security impact
 CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a 
stack-bas ...)
        {DLA-1641-1}
        - mxml 2.12-2 (low; bug #918007)
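Review bot: the NOTE scopes CVE-2018-20005 to the mxmldoc CLI tool, but the CVE text in the context line places the use-after-free in Mini-XML 2.12 itself, and mxml is shipped as a library as well as a tool; if the faulty code lives only in mxmldoc's own sources the NOTE should say so explicitly, otherwise consumers of the library parsing untrusted XML are exposed and the previous "low" with <no-dsa> was the safer tag. Also, the neighbouring CVE-2018-20004 entry carries bug #918007 while this one keeps no bug reference; add one if a Debian bug exists.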
@@ -21505,11 +21502,10 @@ CVE-2018-19757 (There is a NULL pointer dereference 
at function sixel_helper_set
 CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h 
(function: stbi_ ...)
        TODO: check
 CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: 
is_mmac ...)
-       - nasm <unfixed> (bug #915087)
-       [stretch] - nasm <no-dsa> (Minor issue)
-       [jessie] - nasm <no-dsa> (Minor issue)
+       - nasm <unfixed> (unimportant; bug #915087)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
        NOTE: 
https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access 
Control. ...)
        NOT-FOR-US: Tarantella Enterprise
 CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. 
...)
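Review bot: this entry already records the upstream fix commit 3079f7966dbed4497e36d5067cbfd896a90358cb for CVE-2018-19755 yet stays at <unfixed>; since "unimportant" entries drop out of most tracker views, the fixed nasm version should be filled in as soon as unstable carries that commit so the resolution is not lost. The new NOTE also says "crash" while the CVE text says "illegal address access"; if the triage rests on nasm only processing trusted developer input, state that in the NOTE.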
@@ -34539,12 +34535,9 @@ CVE-2018-15891
 CVE-2018-15890
        RESERVED
 CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() 
in base ...)
-       - libpodofo <unfixed> (low; bug #916167)
-       [stretch] - libpodofo <no-dsa> (Minor issue)
-       [jessie] - libpodofo <no-dsa> (Minor issue)
+       NOTE: Duplicate of CVE-2018-5783
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620065
        NOTE: https://sourceforge.net/p/podofo/tickets/27/
-       NOTE: upstream thinks this could be a duplicate of CVE-2018-5783
 CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering 
ordinary use ...)
        NOT-FOR-US: ASPCMS
 CVE-2017-18346
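Review bot: after this hunk CVE-2018-15889 has no package line at all, so the libpodofo association and the Debian bug reference #916167 both disappear from the tracker; the usual way to close a duplicate in this file is to keep a package line such as "- libpodofo <not-affected> (Duplicate of CVE-2018-5783)" so the bug number and the source package stay queryable. The hedge "upstream thinks this could be a duplicate" is also replaced by a definite "Duplicate of"; the two remaining references (Red Hat bug 1620065 and podofo ticket 27) are unchanged, so if the confirmation lives in one of them it would help to say which.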
@@ -55377,6 +55370,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, 
is susceptible to a direc
        NOT-FOR-US: Apache Ambari
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in 
PdfPar ...)
        - libpodofo <unfixed> (low; bug #892557)
+       [buster] - libpodofo <no-dsa> (Minor issue)
        [stretch] - libpodofo <no-dsa> (Minor issue)
        [jessie] - libpodofo <no-dsa> (Minor issue)
        [wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -67865,6 +67859,7 @@ CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer 
over-read exists in the fun
        [wheezy] - opencv <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/opencv/opencv/issues/10479
        NOTE: Introduced after: 
https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
+       NOTE: Fixed: 
https://github.com/opencv/opencv/commit/4ca89db22dea962690f31c1781bce5937ee91837
 CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in 
ReadPWPImage in ...)
        - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
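Review bot: the hunk adds the fixing commit 4ca89db22dea962690f31c1781bce5937ee91837 for CVE-2017-18009 but shows no change to the opencv package status lines above the hunk context; if the opencv package in the archive already contains that commit, the entry should move from its current status to the fixed version in the same change, otherwise a NOTE saying the fix is not yet in any uploaded version would avoid the "fixed upstream, status unchanged" ambiguity.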
@@ -103840,7 +103835,8 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of 
size 1 in the refill functio
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the 
bufferedReadPixels ...)
-       - openexr <unfixed> (bug #873885)
+       - openexr <unfixed> (low; bug #873885)
+       [buster] - openexr <no-dsa> (Minor issue)
        [stretch] - openexr <no-dsa> (Minor issue)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
@@ -103855,6 +103851,7 @@ CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of 
size 1 in the getBits functi
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE 
function  ...)
        - openexr <unfixed> (bug #873885)
+       [buster] - openexr <no-dsa> (Minor issue)
        [stretch] - openexr <no-dsa> (Minor issue)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
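Review bot: CVE-2017-9111 gains a [buster] <no-dsa> line but its package line "- openexr <unfixed> (bug #873885)" is left without a severity, whereas the sibling CVE-2017-9113 in the previous hunk, tracked under the same bug #873885, is changed to "(low; bug #873885)" in this commit; both are invalid writes per the CVE text, so the severity should be set consistently here too.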



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0efc30d291b5d4570f402a823f3cb558208a3097

-- 
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits