[Git][security-tracker-team/security-tracker][master] Report vcftools CVEs upstream (since reporter did not inform upstream)

Salvatore Bonaccorso carnil at debian.org
Fri May 18 08:13:10 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f69ba0e4 by Salvatore Bonaccorso at 2018-05-18T09:12:52+02:00
Report vcftools CVEs upstream (since reporter did not inform upstream)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -220,9 +220,11 @@ CVE-2018-11131
 CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools ...)
 	- vcftools <unfixed>
 	NOTE: http://seclists.org/fulldisclosure/2018/May/43
+	NOTE: https://github.com/vcftools/vcftools/issues/109
 CVE-2018-11129 (The header::add_INFO_descriptor function in header.cpp in VCFtools ...)
 	- vcftools <unfixed>
 	NOTE: http://seclists.org/fulldisclosure/2018/May/43
+	NOTE: https://github.com/vcftools/vcftools/issues/109
 CVE-2018-11128 (The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 ...)
 	TODO: check
 CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
@@ -287,6 +289,7 @@ CVE-2018-11100 (The decompileSETTARGET function in decompile.c in libming throug
 CVE-2018-11099 (The header::add_INFO_descriptor function in header.cpp in VCFtools ...)
 	- vcftools <unfixed>
 	NOTE: http://seclists.org/fulldisclosure/2018/May/43
+	NOTE: https://github.com/vcftools/vcftools/issues/109
 CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file upload ...)
 	NOT-FOR-US: Frog CMS
 CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There is ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f69ba0e4fcf309791ce50f08a66db69a9575c0c8

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f69ba0e4fcf309791ce50f08a66db69a9575c0c8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180518/630ea16b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list