[Git][security-tracker-team/security-tracker][master] bugs

Moritz Muehlenhoff jmm at debian.org
Fri Jun 29 22:13:26 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a8e80e4 by Moritz Muehlenhoff at 2018-06-29T23:13:08+02:00
bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -285,7 +285,7 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search 
 CVE-2018-12901
 	RESERVED
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #902718)
 	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
 CVE-2018-12899
@@ -922,7 +922,7 @@ CVE-2018-1000548 (Umlet version < 14.3 contains a XML External Entity (XXE) .
 CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control ...)
 	NOT-FOR-US: CoreBOS
 CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) ...)
-	- triplea <unfixed> (low)
+	- triplea <unfixed> (low; bug #902719)
 	[stretch] - triplea <no-dsa> (Minor issue)
 	[jessie] - triplea <no-dsa> (Minor issue)
 	NOTE: https://0dd.zone/2018/05/31/TripleA-XXE/
@@ -930,7 +930,7 @@ CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External En
 CVE-2018-1000545
 	REJECTED
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory ...)
-	- ruby-zip <unfixed>
+	- ruby-zip <unfixed> (bug #902720)
 	NOTE: https://github.com/rubyzip/rubyzip/issues/369
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to ...)
 	NOT-FOR-US: Akiee



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a8e80e46b54f910c189419a88a0724be11cab3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a8e80e46b54f910c189419a88a0724be11cab3d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180629/408f9560/attachment.html>

More information about the debian-security-tracker-commits mailing list