[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1956{5,6,7,8}/dcraw issues

Salvatore Bonaccorso carnil at debian.org
Sun Dec 2 20:22:00 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d55f15d by Salvatore Bonaccorso at 2018-12-02T20:18:38Z
Add CVE-2018-1956{5,6,7,8}/dcraw issues

I intentionally added for now only the src:dcraw package itself. Many
other sources embedd src:dcraw (for instace src:rawtherapee) but we need
to check the impact for those.

Details on the reproducers:
https://www.openwall.com/lists/oss-security/2018/11/23/1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2583,13 +2583,17 @@ CVE-2018-19569
 	- gitlab 11.3.11+dfsg-1
 	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
 CVE-2018-19568 (A floating point exception in kodak_radc_load_raw in dcraw through 9.28 ...)
-	TODO: check
+	- dcraw <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
 CVE-2018-19567 (A floating point exception in parse_tiff_ifd in dcraw through 9.28 ...)
-	TODO: check
+	- dcraw <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
 CVE-2018-19566 (A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...)
-	TODO: check
+	- dcraw <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
 CVE-2018-19565 (A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be ...)
-	TODO: check
+	- dcraw <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
 CVE-2019-0535
 	RESERVED
 CVE-2019-0534



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d55f15d444ea1b09d44c529c2398a13f82941af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d55f15d444ea1b09d44c529c2398a13f82941af
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181202/2afa46a0/attachment.html>

More information about the debian-security-tracker-commits mailing list