[Git][security-tracker-team/security-tracker][master] Update CVE-2018-384{8,9}/cfitsio

Mon, 16 Apr 2018 13:34:53 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6879f834 by Salvatore Bonaccorso at 2018-04-16T22:33:47+02:00
Update CVE-2018-384{8,9}/cfitsio

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -684,6 +684,7 @@ CVE-2018-1000166 [Unsafe use of sprintf() can allow a 
remote unauthenticated att
        [jessie] - cfitsio <no-dsa> (Minor issue)
        NOTE: https://github.com/astropy/astropy/pull/7274
        NOTE: Mitigated to a crash due to hardened build flags
+       NOTE: CVE-2018-1000166 is likely a duplicate of CVE-2018-3848 and 
CVE-2018-3849
 CVE-2018-1000164 [Improper neutralization of CRLF Sequences 
http/wsgi.py:process_headers() can allow an attacker to cause a server to 
return arbitrary HTTP headers]
        - gunicorn 19.5.0-1
        NOTE: 
https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
@@ -16307,9 +16308,17 @@ CVE-2018-3851
 CVE-2018-3850
        RESERVED
 CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted 
images ...)
-       TODO: check
+       - cfitsio 3.430-1 (low)
+       [stretch] - cfitsio <no-dsa> (Minor issue)
+       [jessie] - cfitsio <no-dsa> (Minor issue)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
+       NOTE: Mitigated to a crash due to hardened build flags
 CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted 
images ...)
-       TODO: check
+       - cfitsio 3.430-1 (low)
+       [stretch] - cfitsio <no-dsa> (Minor issue)
+       [jessie] - cfitsio <no-dsa> (Minor issue)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
+       NOTE: Mitigated to a crash due to hardened build flags
 CVE-2018-3847
        RESERVED
 CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, 
specially ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6879f8346ffb460e9c569b6b842e18541794817a

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6879f8346ffb460e9c569b6b842e18541794817a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to