[Git][security-tracker-team/security-tracker][master] 3 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jul 20 21:54:41 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ebfaaf2 by Salvatore Bonaccorso at 2018-07-20T22:54:29+02:00
Process NFUs

- - - - -
c7843d26 by Salvatore Bonaccorso at 2018-07-20T22:54:30+02:00
Add CVE-2018-14471/libredwg

- - - - -
40083817 by Salvatore Bonaccorso at 2018-07-20T22:54:31+02:00
Add undetermined entries for libgig

Unfortunately the TeamSeri0us reports are not helpful at this stage,
unclear if the issues are properly reported upstream and need more
investigation. Likely though to be <unfixed> for at least unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29,13 +29,13 @@ CVE-2018-14476
 CVE-2018-14475
 	RESERVED
 CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ...)
-	TODO: check
+	NOT-FOR-US: Orange Forum
 CVE-2018-14473
 	RESERVED
 CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is ...)
-	TODO: check
+	NOT-FOR-US: WUZHI CMS
 CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG ...)
-	TODO: check
+	- libredwg <itp> (bug #595191)
 CVE-2018-14470
 	RESERVED
 CVE-2018-14469
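Review bot: The new CVE-2018-14471 entry, "- libredwg <itp> (bug #595191)", has no NOTE line pointing at the upstream report or fix for dwg_obj_block_control_get_block_headers. Adding one would let whoever handles the package once the ITP is completed check the uploaded version without redoing the research, in the same way the libgig entries in this push carry a NOTE reference. The two NOT-FOR-US lines for Orange Forum and WUZHI CMS match the product names in their descriptions and need no change.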
@@ -59,27 +59,38 @@ CVE-2018-14461
 CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a ...)
 	TODO: check
 CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds read ...)
-	TODO: check
+	- libgig <undetermined>
+	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
 CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL ...)
 	TODO: check
 CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds ...)
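Review bot: The eleven libgig entries, CVE-2018-14449 through CVE-2018-14459, are all marked "- libgig <undetermined>", but the reason is recorded only in the commit message. Someone reading data/CVE/list will not see that it is unclear whether the issues were reported upstream, or that they are likely <unfixed> for unstable. A short NOTE on the entries saying that upstream reporting is unconfirmed would keep the open question visible in the list. Every entry also cites the same README.md URL even though the descriptions differ (out-of-bounds read, heap-based buffer overflow), so per-issue references would be worth adding when the follow-up investigation happens, if the upstream material allows it.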



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4f31dbfdf947ca786d439067a406979e5d1996e0...40083817a56c98b7fd84cb0ee1ae2a8ed6f72a9e
