Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8230186 by Salvatore Bonaccorso at 2018-02-21T21:38:16+01:00
Add CVE-2018-7263/libmad
This CVE assignment is highly confusing, because even the master
references from the MITRE database reference to a SUSE bug which claims
that this is a an issue in mpg123 and it is a duplicate of the
previously assigned CVE.
Pending request to MITRE for clarification.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36,7 +36,11 @@ CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in
libid3tag through 0.15.1b .
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
NOTE:
https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad
through ...)
- TODO: check
+ - libmad <unfixed>
+ NOTE: Possible overlap with CVE-2017-11552 and relates to the issue
raised in
+ NOTE: https://bugs.debian.org/870608
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
+ TODO: clarify with MITRE why this CVE was additionally assigned
CVE-2018-7262
RESERVED
CVE-2018-7261
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8230186701de70eb51bda116076f2a17169159b
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8230186701de70eb51bda116076f2a17169159b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
