Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6879f834 by Salvatore Bonaccorso at 2018-04-16T22:33:47+02:00 Update CVE-2018-384{8,9}/cfitsio - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -684,6 +684,7 @@ CVE-2018-1000166 [Unsafe use of sprintf() can allow a remote unauthenticated att [jessie] - cfitsio <no-dsa> (Minor issue) NOTE: https://github.com/astropy/astropy/pull/7274 NOTE: Mitigated to a crash due to hardened build flags + NOTE: CVE-2018-1000166 is likely a duplicate of CVE-2018-3848 and CVE-2018-3849 CVE-2018-1000164 [Improper neutralization of CRLF Sequences http/wsgi.py:process_headers() can allow an attacker to cause a server to return arbitrary HTTP headers] - gunicorn 19.5.0-1 NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5 @@ -16307,9 +16308,17 @@ CVE-2018-3851 CVE-2018-3850 RESERVED CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted images ...) - TODO: check + - cfitsio 3.430-1 (low) + [stretch] - cfitsio <no-dsa> (Minor issue) + [jessie] - cfitsio <no-dsa> (Minor issue) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 + NOTE: Mitigated to a crash due to hardened build flags CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted images ...) - TODO: check + - cfitsio 3.430-1 (low) + [stretch] - cfitsio <no-dsa> (Minor issue) + [jessie] - cfitsio <no-dsa> (Minor issue) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 + NOTE: Mitigated to a crash due to hardened build flags CVE-2018-3847 RESERVED CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6879f8346ffb460e9c569b6b842e18541794817a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6879f8346ffb460e9c569b6b842e18541794817a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits