[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-6406 and CVE-2018-6548
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 11 19:36:02 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
baec1b7b by Salvatore Bonaccorso at 2018-02-11T20:35:55+01:00
Update status for CVE-2018-6406 and CVE-2018-6548
Update status to match the following: If source is affected but since
the resulting binaries in Debian are not (due to not building with
support for VP9), mark it as unfixed, but with unimportant severity.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -964,7 +964,8 @@ CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vuln
CVE-2018-6549
RESERVED
CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-02. If ...)
- - chromium-browser <not-affected> (chromium is built with support for VP9 disabled in debian)
+ - chromium-browser <unfixed> (unimportant)
+ NOTE: Chromium is built with support for VP9 disabled in Debian
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
CVE-2018-6547
@@ -1397,7 +1398,8 @@ CVE-2018-6408 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21
CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 ...)
NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in ...)
- - chromium-browser <not-affected> (chromium is built with support for VP9 disabled in debian)
+ - chromium-browser <unfixed> (unimportant)
+ NOTE: Chromium is built with support for VP9 disabled in Debian
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baec1b7b20e97f57532151275c5ae7c4c24d5ed9
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baec1b7b20e97f57532151275c5ae7c4c24d5ed9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180211/61fb4ade/attachment-0001.html>
More information about the Secure-testing-commits
mailing list