[Git][security-tracker-team/security-tracker][master] new libxkbcommon issues

Moritz Muehlenhoff jmm at debian.org
Sun Aug 26 09:19:46 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb2d5a49 by Moritz Muehlenhoff at 2018-08-26T08:19:19Z
new libxkbcommon issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,29 +29,51 @@ CVE-2018-15866
 CVE-2018-15865
 	RESERVED
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/4e2ee9c3f6050d773f8bbe05bc0edb17f1ff8371
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15860
 	RESERVED
 CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15857 (An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15856 (An infinite loop when reaching EOL unexpectedly in compose/parser.c ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15855 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15854 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and ...)
-	TODO: check
+	- libxkbcommon <unfixed> (low)
+	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
+	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb2d5a49f88a1ce8c6456cb88b583a66f573a07a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb2d5a49f88a1ce8c6456cb88b583a66f573a07a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180826/71e81271/attachment.html>

More information about the debian-security-tracker-commits mailing list