[Git][security-tracker-team/security-tracker][master] two additional bibutils issues

Moritz Muehlenhoff jmm at debian.org
Mon May 7 14:10:33 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
403682f0 by Moritz Muehlenhoff at 2018-05-07T15:09:59+02:00
two additional bibutils issues
new exiv issue (exp only)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -44,11 +44,15 @@ CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c
 	- bibutils <unfixed> (unimportant)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in ...)
-	TODO: check
+	- bibutils <unfixed> (unimportant)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in ...)
-	TODO: check
+	- bibutils <unfixed> (unimportant)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows ...)
-	TODO: check
+	[experimental] - exiv2 <unfixed>
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566260
 CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c in ...)
 	- abcm2ps <unfixed> (unimportant)
 	NOTE: https://github.com/leesavide/abcm2ps/issues/17



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/403682f04b1cb8f17640a8f1b75927bb954ea940

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/403682f04b1cb8f17640a8f1b75927bb954ea940
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180507/5604139e/attachment.html>


More information about the debian-security-tracker-commits mailing list