[Git][security-tracker-team/security-tracker][master] 2 commits: new tiff issue

Moritz Muehlenhoff jmm at debian.org
Wed Jun 27 21:06:02 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c53eb9b9 by Moritz Muehlenhoff at 2018-06-27T22:03:21+02:00
new tiff issue

- - - - -
f132bbd1 by Moritz Muehlenhoff at 2018-06-27T22:05:38+02:00
new u-boot non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,7 +9,9 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search 
 CVE-2018-12901
 	RESERVED
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
-	TODO: check
+	- tiff <unfixed>
+	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
 CVE-2018-12899
 	RESERVED
 CVE-2018-12898
@@ -44,7 +46,8 @@ CVE-2018-12885
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...)
-	TODO: check
+	- u-boot <unfixed> (unimportant)
+	NOTE: No security impact as supported/packaged in Debian
 CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
 	- devscripts <unfixed> (low; bug #902409)
 	[stretch] - devscripts <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/04fc781e5ab3a94cb7161eb49b110b7c1ae06ff9...f132bbd1ba3285c09fa8b5f41db09f616d5913dd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/04fc781e5ab3a94cb7161eb49b110b7c1ae06ff9...f132bbd1ba3285c09fa8b5f41db09f616d5913dd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180627/e7ccc4e8/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list