[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record CVE-2018-383{7, 8, 9} which were already fixed with the sdl-image1.2/1.2.12-2+deb7u2 upload

Thu Apr 12 22:04:52 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
740dd325 by Salvatore Bonaccorso at 2018-04-12T23:04:02+02:00
Record CVE-2018-383{7,8,9} which were already fixed with the sdl-image1.2/1.2.12-2+deb7u2 upload

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16137,19 +16137,22 @@ CVE-2018-3841
 	RESERVED
 CVE-2018-3840
 	RESERVED
-CVE-2018-3839 (An exploitable code execution vulnerability exists in the eCF image ...)
+CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image ...)
+	{DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
 	TODO: check fixing commit(s)
 CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image ...)
+	{DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
 	TODO: check fixing commit(s)
 CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX ...)
+	{DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -10,7 +10,7 @@
 [09 Apr 2018] DLA-1283-2 python-crypto - security update
 	[wheezy] - python-crypto 2.6-4+deb7u8
 [06 Apr 2018] DLA-1341-1 sdl-image1.2 - security update
-	{CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450}
+	{CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839}
 	[wheezy] - sdl-image1.2 1.2.12-2+deb7u2
 [06 Apr 2018] DLA-1340-1 sam2p - security update
 	{CVE-2018-7487 CVE-2018-7551 CVE-2018-7552 CVE-2018-7553 CVE-2018-7554}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/740dd32571c65b4b20bd9ac52c9afe87af32f318

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/740dd32571c65b4b20bd9ac52c9afe87af32f318
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180412/81edee6d/attachment-0001.html>
