Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a8230186 by Salvatore Bonaccorso at 2018-02-21T21:38:16+01:00 Add CVE-2018-7263/libmad This CVE assignment is highly confusing, because even the master references from the MITRE database reference to a SUSE bug which claims that this is a an issue in mpg123 and it is a duplicate of the previously assigned CVE. Pending request to MITRE for clarification. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -36,7 +36,11 @@ CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b . NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647 NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...) - TODO: check + - libmad <unfixed> + NOTE: Possible overlap with CVE-2017-11552 and relates to the issue raised in + NOTE: https://bugs.debian.org/870608 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784 + TODO: clarify with MITRE why this CVE was additionally assigned CVE-2018-7262 RESERVED CVE-2018-7261 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8230186701de70eb51bda116076f2a17169159b --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8230186701de70eb51bda116076f2a17169159b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits