[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-14567 and CVE-2018-9251
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 30 14:39:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a79b333c by Salvatore Bonaccorso at 2018-07-30T13:39:00Z
Update information for CVE-2018-14567 and CVE-2018-9251
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -462,6 +462,10 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
NOTE: https://redmine.openinfosecfoundation.org/issues/2501
CVE-2018-14567
RESERVED
+ - libxml2 <unfixed>
+ [stretch] - libxml2 <postponed> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
RESERVED
CVE-2018-14565 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. A ...)
@@ -13869,6 +13873,7 @@ CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion
CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...)
- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
NOTE: Before upstream commit https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
NOTE: the memlimit argument to lzma_auto_decoder was set to UINT64_MAX, possibly
NOTE: allowing a malicious LZMA compressed files to consume large amounts of memory
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a79b333c756d70c13279c7f56c69b0ecdc2cac38
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a79b333c756d70c13279c7f56c69b0ecdc2cac38
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180730/8312da42/attachment.html>
More information about the debian-security-tracker-commits
mailing list