[Git][security-tracker-team/security-tracker][master] Add new libmspack issues
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 28 08:33:52 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f833bc79 by Salvatore Bonaccorso at 2018-07-28T07:33:06Z
Add new libmspack issues
A subset affects clamav, which uses the system library though since
Debian Jessie. Any other update should not only cherry-pick the fixes
for clamav so they are safe as well. No need to track here clamav for
those as all supported suites including LTS switched already to use the
system library.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-XXXX [off-by-one error in CHM PMGI/PMGL chunk number validity checks]
+ - libmspack <unfixed>
+ NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
+ NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+CVE-2018-XXXX [libmspack now rejects blank CHM filenames]
+ - libmspack <unfixed>
+ NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
+ NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+CVE-2018-XXXX [Fix off-by-one error in chmd TOLOWER() fallback]
+ - libmspack <unfixed>
+ NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
+ NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+CVE-2018-XXXX [kwaj_read_headers(): fix handling of non-terminated strings]
+ - libmspack <unfixed>
+ NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
+ NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14667
RESERVED
CVE-2018-14666
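Review bot: The second new entry, "libmspack now rejects blank CHM filenames", carries the same upstream commit URL (72e70a921f0f07fee748aec2274b30784e1d312a) as the first entry on the PMGI/PMGL chunk number checks. If the blank-filename fix landed in a separate upstream commit, that NOTE should point at it. If one commit really covers both issues, a short NOTE saying so would stop someone from later treating it as a copy-paste slip. The bracketed descriptions of the second, third and fourth entries also read as upstream commit subjects ("now rejects ...", "Fix ...", "fix handling of ...") rather than naming the flaw as the first entry does, so rewording them would keep the list consistent. Finally, the reason given in the commit message for not tracking clamav is not recorded in the entries; a NOTE line on the affected ones would keep that context in data/CVE/list itself.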
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f833bc7947b072483a9f1f5acb42fb7bec12e148