Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c299988 by Salvatore Bonaccorso at 2018-01-24T22:29:54+01:00
Add two CVEs for p7zip

It is unclear if those affect p7zip, not triaged yet. In particular
CVE-2018-5996 might be not-affected and the code.

Cf. https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/#fn:2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -483,8 +483,11 @@ CVE-2018-1000007 [HTTP authentication leak in redirects]
        - curl 7.58.0-1
        NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
        NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
-CVE-2018-5996
+CVE-2018-5996 [Memory Corruptions via RAR PPMd]
        RESERVED
+       - p7zip <unfixed> (bug #888297)
+       NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
+       TODO: check
 CVE-2018-5995
        RESERVED
 CVE-2018-5994
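Review bot: the `- p7zip <unfixed> (bug #888297)` line under CVE-2018-5996 records p7zip as affected, while the commit message says this CVE is not triaged and might be not-affected. The bare `TODO: check` does not say what is still open; suggest spelling it out, for example a TODO stating that it is unclear whether p7zip is affected at all, so the `<unfixed>` status is not read as confirmed by anyone consuming the tracker data before triage is done.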
@@ -5833,8 +5836,10 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in 
GitLab Projects Import]
        NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow 
remote ...)
        NOT-FOR-US: Muviko
-CVE-2017-17969
+CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow]
        RESERVED
+       - p7zip <unfixed> (bug #888297)
+       NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-3709
        RESERVED
 CVE-2018-3708
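Review bot: the CVE-2017-17969 entry is missing the `TODO: check` line that the CVE-2018-5996 entry gets in the first hunk, although the commit message says neither CVE has been triaged for p7zip. Suggest adding `TODO: check` after the NOTE here as well, so that both entries are flagged for follow-up and this one does not look like a settled `<unfixed>` status.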



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c299988069bbe81a05389971b40b3da775ffcb7
