[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-580{0, 1, 2}/libraw

Salvatore Bonaccorso carnil at debian.org
Fri Mar 9 06:57:18 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e4eb12a by Salvatore Bonaccorso at 2018-03-09T07:56:54+01:00
Add CVE-2018-580{0,1,2}/libraw

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6068,12 +6068,18 @@ CVE-2018-5803 [Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp
 	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
-CVE-2018-5802
+CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp]
 	RESERVED
-CVE-2018-5801
+	- libraw 0.18.7-1
+	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
 	RESERVED
-CVE-2018-5800
+	- libraw 0.18.7-1
+	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
 	RESERVED
+	- libraw 0.18.7-1
+	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
 CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
 	- electron <itp> (bug #842420)
 	NOTE: Linux is not affected



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4eb12ade05d1817adf185f5f01d5ebba7009f4

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4eb12ade05d1817adf185f5f01d5ebba7009f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180309/30dd53cd/attachment.html>


More information about the Secure-testing-commits mailing list