[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-7263/libmad

Salvatore Bonaccorso carnil at debian.org
Wed Feb 21 20:39:46 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8230186 by Salvatore Bonaccorso at 2018-02-21T21:38:16+01:00
Add CVE-2018-7263/libmad

This CVE assignment is highly confusing, because even the master
references from the MITRE database reference to a SUSE bug which claims
that this is an issue in mpg123 and it is a duplicate of the
previously assigned CVE.

Pending request to MITRE for clarification.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36,7 +36,11 @@ CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b .
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
 	NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
 CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
-	TODO: check
+	- libmad <unfixed>
+	NOTE: Possible overlap with CVE-2017-11552 and relates to the issue raised in
+	NOTE: https://bugs.debian.org/870608
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
+	TODO: clarify with MITRE why this CVE was additionally assigned
 CVE-2018-7262
 	RESERVED
 CVE-2018-7261
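
Review bot: The bare NOTE with the SUSE bug URL under CVE-2018-7263 does not record what the commit message says about it, namely that the bug attributes the issue to mpg123 and calls it a duplicate of the previously assigned CVE. Anyone reading only data/CVE/list sees "- libmad <unfixed>" with no hint that the affected package is itself in question. Consider stating that on the NOTE line, e.g. "NOTE: SUSE bug claims this is an mpg123 issue and a duplicate:" followed by the URL. Separately, the first NOTE ends mid-sentence ("relates to the issue raised in") and depends on the next NOTE line for its object, so a line-based search returns half a sentence; putting the Debian bug URL on the same line, or rewording so each NOTE stands alone, would avoid that.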



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8230186701de70eb51bda116076f2a17169159b
