[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] exempi, libcdio, python-crypto, mp4v2 no-dsa
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 8 20:39:02 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ca2d576 by Moritz Muehlenhoff at 2018-03-08T21:38:37+01:00
exempi, libcdio, python-crypto, mp4v2 no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -71,21 +71,28 @@ CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php h
CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ...)
NOT-FOR-US: YxtCMF
CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
- - exempi <unfixed>
+ - exempi <unfixed> (low)
+ [stretch] - exempi <no-dsa> (Minor issue)
[jessie] - exempi <not-affected> (Vulnerable code introduced later)
[wheezy] - exempi <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...)
- - exempi <unfixed>
+ - exempi <unfixed> (low)
+ [stretch] - exempi <no-dsa> (Minor issue)
+ [jessie] - exempi <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-based ...)
- - exempi <unfixed>
+ - exempi <unfixed> (low)
+ [stretch] - exempi <no-dsa> (Minor issue)
+ [jessie] - exempi <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
- - exempi <unfixed>
+ - exempi <unfixed> (low)
+ [stretch] - exempi <no-dsa> (Minor issue)
+ [jessie] - exempi <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205
NOTE: https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak ...)
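Review bot: CVE-2018-7730, CVE-2018-7729 and CVE-2018-7728 gain [stretch] and [jessie] no-dsa lines but no [wheezy] line, while CVE-2018-7731 directly above them records wheezy explicitly as <not-affected>. If wheezy is still tracked in this file, add a [wheezy] line to each of the three so the status is not left implicit. The CVE-2018-7729 description also mentions a stack-based issue, and "Minor issue" alone does not tell a later reader why it was triaged as low; a short reason in the parentheses would help.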
@@ -991,10 +998,14 @@ CVE-2018-7445
CVE-2018-7444
RESERVED
CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...)
- - libcdio 1.0.0-1
+ - libcdio 1.0.0-1 (low)
+ [stretch] - libcdio <no-dsa> (Minor issue)
+ [jessie] - libcdio <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?52264
CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows ...)
- - libcdio 1.0.0-1
+ - libcdio 1.0.0-1 (low)
+ [stretch] - libcdio <no-dsa> (Minor issue)
+ [jessie] - libcdio <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?52265
CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...)
{DLA-1299-1}
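Review bot: both libcdio entries (CVE-2017-18199, CVE-2017-18198) are marked no-dsa for stretch and jessie, but their only reference is the Savannah bug NOTE; there is no NOTE naming the fixing commit, unlike the exempi entries earlier in this patch. The fix is recorded only as version 1.0.0-1, so a commit reference would let someone backport it in a point release without digging through the bug. Both descriptions read "allows remote ...", so a reason more specific than "Minor issue" is worth stating.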
@@ -1252,7 +1263,9 @@ CVE-2018-7341
CVE-2018-7340
RESERVED
CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...)
- - mp4v2 <unfixed>
+ - mp4v2 <unfixed> (low)
+ [stretch] - mp4v2 <no-dsa> (Minor issue)
+ [jessie] - mp4v2 <no-dsa> (Minor issue)
NOTE: https://github.com/pingsuewim/libmp4_bof
CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...)
NOT-FOR-US: HamayeshNegar CMS
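Review bot: the mp4v2 line for CVE-2018-7339 stays <unfixed> and is now deferred with no-dsa for stretch and jessie, but the entry has no bug number and its only NOTE is a third-party GitHub repository. Add a bug reference on the mp4v2 line once one is filed, in the same form as the "(bug #889999)" on the python-crypto line in this commit, otherwise nothing tracks the fix after it is deferred.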
@@ -1523,6 +1536,8 @@ CVE-2018-1000086
CVE-2018-1000085 [Out-of-bounds heap read in XAR parser]
RESERVED
- clamav 0.99.3~beta1+dfsg-1
+ [stretch] - clamav <no-dsa> (clamav is updated via -updates)
+ [jessie] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
CVE-2018-1000084
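Review bot: this hunk changes clamav (CVE-2018-1000085), which the commit subject "exempi, libcdio, python-crypto, mp4v2 no-dsa" does not list. Mention clamav in the subject or split it into its own commit, since the reason given here ("clamav is updated via -updates") differs from the "Minor issue" triage applied to the other packages.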
@@ -3468,6 +3483,8 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat
{DLA-1283-1}
- pycryptodome 3.4.11-1 (bug #889998)
- python-crypto <unfixed> (bug #889999)
+ [stretch] - python-crypto <no-dsa> (Minor issue)
+ [jessie] - python-crypto <no-dsa> (Minor issue)
NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
NOTE: The issue is found as well in pycryptodome (fork from python-crypto)
NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
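Review bot: the two new lines cover python-crypto only, although the same entry carries {DLA-1283-1} and a pycryptodome line fixed in 3.4.11-1. "Minor issue" for stretch and jessie sits oddly next to an advisory already attached to this CVE; state the reason in the parentheses or in a NOTE, and if pycryptodome ships in stretch it needs its own [stretch] line.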
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ca2d576c37ef6b5f56ec136fea4a3cde1e78852