[Git][security-tracker-team/security-tracker][master] discount: reference directly the reproducing file to better identify the CVEs
Salvatore Bonaccorso
carnil at debian.org
Sun May 27 09:35:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a0ebb55 by Salvatore Bonaccorso at 2018-05-27T10:34:35+02:00
discount: reference directly the reproducing file to better identify the CVEs
Since the reporter did file all the issues in one upstream issue,
directly reference the PoCs as well to make it clear which CVE is for
which issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,11 @@ CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attacke
CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...)
- discount <unfixed>
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
+ NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT ...)
- discount <unfixed>
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
+ NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
CVE-2018-11502
RESERVED
CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via ...)
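Review bot: The two added POC NOTE lines for CVE-2018-11504 and CVE-2018-11503 link to blob/master in the reporter's fuzz_programs repository, which is a mutable ref. Both entries share the same upstream NOTE (issues/189#issuecomment-392247798), so the issue3_testcase and issue2_testcase links are now the only thing that tells them apart; if those files are renamed, renumbered or removed on master, that distinction is lost. Consider linking to a commit-pinned URL for each testcase instead of the branch path.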
@@ -80,6 +82,7 @@ CVE-2018-11469 (Incorrect caching of responses to requests including an Authoriz
CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...)
- discount <unfixed>
NOTE: https://github.com/Orc/discount/issues/189
+ NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
CVE-2018-11467
RESERVED
CVE-2018-11466
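Review bot: The added POC line for CVE-2018-11468 pairs issue1_testcase with __mkd_trim_line, but nothing in the entry shows how that pairing was established: the upstream NOTE here is the bare issues/189 link with no comment anchor, unlike the two entries in the previous hunk. If the testcase is discussed in a specific comment of that issue, anchoring the existing NOTE to it would let a reader verify the CVE-to-PoC mapping from the entry alone. The same branch-path concern applies to the blob/master URL on this line.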
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a0ebb5505b2a210b88a08d6f4c2634c17b0a1d5