[Git][security-tracker-team/security-tracker][master] Add CVE-2018-5360/tiff fixed version in stretch and onwards

Sat, 23 Mar 2019 11:32:20 -0700 

László Böszörményi pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f92ce49e by Laszlo Boszormenyi (GCS) at 2019-03-23T18:30:21Z
Add CVE-2018-5360/tiff fixed version in stretch and onwards

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64722,7 +64722,7 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress 
has XSS via the wpglobus_
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via 
wp-admin/options. ...)
        NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as 
demonstr ...)
-       - tiff <undetermined>
+       - tiff 4.0.6-3
        - tiff3 <undetermined>
        [wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
        NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
@@ -64730,7 +64730,6 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the 
reading of TIFF files, as dem
        NOTE: Same issue as http://bugzilla.maptools.org/show_bug.cgi?id=2500 
(CVE-2014-8127)
        NOTE: fixed as per 2016-10-25 (first release to ship the patch seems to 
be 4.0.7)
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
-       NOTE: TODO check which exact Debian release contained the fix at first
 CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 
can be e ...)
        NOT-FOR-US: Flexense SysGauge
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the 
EncodeImageAttributes ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f92ce49e5177e301f5492795b009b8ecd242a644

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f92ce49e5177e301f5492795b009b8ecd242a644
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to