[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-580{0, 1, 2}/libraw
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 9 06:57:18 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e4eb12a by Salvatore Bonaccorso at 2018-03-09T07:56:54+01:00
Add CVE-2018-580{0,1,2}/libraw
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6068,12 +6068,18 @@ CVE-2018-5803 [Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp
RESERVED
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
-CVE-2018-5802
+CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp]
RESERVED
-CVE-2018-5801
+ - libraw 0.18.7-1
+ NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
RESERVED
-CVE-2018-5800
+ - libraw 0.18.7-1
+ NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
RESERVED
+ - libraw 0.18.7-1
+ NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
- electron <itp> (bug #842420)
NOTE: Linux is not affected
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4eb12ade05d1817adf185f5f01d5ebba7009f4
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4eb12ade05d1817adf185f5f01d5ebba7009f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180309/30dd53cd/attachment.html>
More information about the Secure-testing-commits
mailing list