Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9da4067 by Salvatore Bonaccorso at 2018-03-02T10:47:59+01:00
Add new cimg issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -93,11 +93,16 @@ CVE-2018-7591
 CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting 
in ...)
        NOT-FOR-US: Hoosk
 CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in 
load_bmp in ...)
-       TODO: check
+       - cimg <unfixed>
+       NOTE: https://github.com/dtschump/CImg/issues/184
+       NOTE: 
https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
-       TODO: check
+       - cimg <unfixed>
+       NOTE: https://github.com/dtschump/CImg/issues/183
+       NOTE: 
https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
 CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading 
a ...)
-       TODO: check
+       - cimg <unfixed>
+       TODO: check, not reported upstream
 CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, 
gallery ...)
        NOT-FOR-US: nextgen-gallery plugin for WordPress
 CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9da4067687ae586a24ae79b401e72e7f7028f24

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9da4067687ae586a24ae79b401e72e7f7028f24
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to