[Git][security-tracker-team/security-tracker][master] tiff non-issue

Moritz Muehlenhoff jmm at debian.org
Fri Apr 27 11:14:39 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a50eff0 by Moritz Muehlenhoff at 2018-04-27T12:14:13+02:00
tiff non-issue
add note for roundcube

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -790,7 +790,9 @@ CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test .
 CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an ...)
 	NOT-FOR-US: XYHCMS
 CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 ...)
-	TODO: check, possible invalid (for src:tiff) assignment, cf. upstream bug
+	- tiff <unfixed> (unimportant)
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10125
 	RESERVED
 CVE-2018-10123
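Review bot: The added lines under CVE-2018-10126 do not record how the question in the removed TODO ("possible invalid (for src:tiff) assignment, cf. upstream bug") was settled. The entry is now tracked against tiff as "<unfixed> (unimportant)", so a reader cannot tell whether the assignment to src:tiff was confirmed or simply kept. Consider adding a NOTE that states the outcome of that check, and naming the affected tool in "Crash in CLI tool" so the "no security impact" rationale can be re-verified against the upstream bug later.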
@@ -8145,6 +8147,8 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permi
 	NOTE: https://github.com/roundcube/roundcubemail/issues/6173
 	NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
 	NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
+	NOTE: That plugin is not functional in stretch due to a missing package dependency, setting it
+	NOTE: up would require several additional manual changes on the admin's side
 	NOTE: Can be mitigated by moving home folder outside the scope of the webserver
 CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after ...)
 	NOT-FOR-US: PyBitmessage
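Review bot: In the two added NOTE lines for CVE-2018-1000071, "That plugin" has no antecedent in the visible notes, and the "missing package dependency" is not named. Suggest naming the plugin and the missing package explicitly so the claim that it is non-functional in stretch can be checked if the dependency later becomes available. The sentence is also split mid-phrase across the two NOTE lines ("setting it" / "up would require"), which makes line-based searches of the file miss it; breaking at the comma would read more cleanly.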



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a50eff021c31a5080c309ca11f68f2daa23645d



More information about the debian-security-tracker-commits mailing list