[Git][security-tracker-team/security-tracker][master] data/CVE/list: Tag open CVEs for mp4v2 in jessie as <no-dsa>. Following the…

[Mike Gabriel]

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dae4aec by Mike Gabriel at 2018-07-19T15:27:38+02:00
data/CVE/list: Tag open CVEs for mp4v2 in jessie as <no-dsa>. Following the security team's decision with this.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,7 @@
 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...)
 	- mp4v2 <unfixed>
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
 CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
 	TODO: check
@@ -73,6 +74,7 @@ CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead component
 CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...)
 	- mp4v2 <unfixed>
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
 CVE-2018-14378 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
 	- tiff <unfixed>
@@ -458,10 +460,12 @@ CVE-2018-14241
 CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory ...)
 	- mp4v2 <unfixed>
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory ...)
 	- mp4v2 <unfixed>
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14240
 	RESERVED
@@ -925,6 +929,7 @@ CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Requ
 CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...)
 	- mp4v2 <unfixed> (bug #903859)
 	[stretch] - mp4v2 <no-dsa> (Minor issue)
+	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
 CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService before ...)
 	- accountsservice <unfixed> (low; bug #903828)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dae4aecde4e773fd799decc06fef8714fe4e0fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dae4aecde4e773fd799decc06fef8714fe4e0fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180719/393b021c/attachment.html>