[Git][security-tracker-team/security-tracker][master] Add new perl issues
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 14 14:23:06 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
026be24d by Salvatore Bonaccorso at 2018-04-14T15:22:49+02:00
Add new perl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8224,8 +8224,12 @@ CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because JavaScr
NOT-FOR-US: Progress Sitefinity
CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management Template ...)
NOT-FOR-US: Progress Sitefinity
-CVE-2018-6913
+CVE-2018-6913 [heap-buffer-overflow in S_pack_rec]
RESERVED
+ - perl <unfixed>
+ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=13184
+ NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d
+ NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
- ffmpeg <unfixed> (low)
[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
@@ -8495,10 +8499,22 @@ CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
- graphicsmagick 1.3.28-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
-CVE-2018-6798
- RESERVED
-CVE-2018-6797
- RESERVED
+CVE-2018-6798 [Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)]
+ RESERVED
+ - perl <unfixed>
+ [jessie] - perl <not-affected> (Issue introduced later)
+ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132063
+ NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
+ NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
+ NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
+ NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
+CVE-2018-6797 [heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)]
+ RESERVED
+ - perl <unfixed>
+ [jessie] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
+ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132227
+ NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
+ NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2
CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored ...)
NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/026be24d0706c6edc624dac57107018bf3910fa0
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/026be24d0706c6edc624dac57107018bf3910fa0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180414/5516018b/attachment.html>
More information about the debian-security-tracker-commits
mailing list