[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2018-580{0, 1, 2}/libraw
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 9 07:26:00 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f5cc762 by Salvatore Bonaccorso at 2018-03-09T08:24:42+01:00
Reference upstream commit for CVE-2018-580{0,1,2}/libraw
Note that the upstream commit message is wrong saying "0.18.17" which is
though definitively tagged as 0.18.7 and is after 0.18.6 release, the
changelog is as well referring to 0.18.7 thus deducing that the upstream
version 0.18.7 is correct to use.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6075,14 +6075,17 @@ CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+ NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+ NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
RESERVED
- libraw 0.18.7-1
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+ NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
- electron <itp> (bug #842420)
NOTE: Linux is not affected
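Review bot: the three added NOTE lines (under CVE-2018-5802, CVE-2018-5801 and CVE-2018-5800) link the upstream commit, but the version caveat from the commit message is not recorded in data/CVE/list itself. Anyone who follows the link from the tracker will see "0.18.17" in the upstream commit message next to the `- libraw 0.18.7-1` fixed version, with no explanation unless they also read this commit's log. Consider adding a short NOTE under each of the three entries saying that the upstream commit message's "0.18.17" is wrong and that the tag and changelog both say 0.18.7. Since the same URL is added to three distinct issues (out-of-bounds read, NULL pointer dereference, heap-based buffer overflow), it would also help to state in the entries that this one commit covers all three.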
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921