Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8c299988 by Salvatore Bonaccorso at 2018-01-24T22:29:54+01:00 Add two CVEs for p7zip It is unclear if those affect p7zip, not triaged yet. In particular CVE-2018-5996 might be not-affected and the code. Cf. https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/#fn:2 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -483,8 +483,11 @@ CVE-2018-1000007 [HTTP authentication leak in redirects] - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch -CVE-2018-5996 +CVE-2018-5996 [Memory Corruptions via RAR PPMd] RESERVED + - p7zip <unfixed> (bug #888297) + NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ + TODO: check CVE-2018-5995 RESERVED CVE-2018-5994 @@ -5833,8 +5836,10 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import] NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) NOT-FOR-US: Muviko -CVE-2017-17969 +CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow] RESERVED + - p7zip <unfixed> (bug #888297) + NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ CVE-2018-3709 RESERVED CVE-2018-3708 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c299988069bbe81a05389971b40b3da775ffcb7 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c299988069bbe81a05389971b40b3da775ffcb7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits