[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2018-3977 (libsdl2-image, sdl-image1.2) for stretch as per private correspondence w/jmm)
Chris Lamb
lamby at debian.org
Wed Nov 7 22:01:32 GMT 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb671421 by Chris Lamb at 2018-11-07T22:00:13Z
Triage CVE-2018-3977 (libsdl2-image, sdl-image1.2) for stretch as per private correspondence w/jmm)
- - - - -
f65b1d84 by Chris Lamb at 2018-11-07T22:01:11Z
Triage CVE-2018-3977 (libsdl2-image, sdl-image1.2) for jessie LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -40248,6 +40248,10 @@ CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Wo
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image ...)
- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
- sdl-image1.2 1.2.12-10 (bug #912618)
+ [stretch] - libsdl2-image <no-dsa> (Minor issue)
+ [jessie] - libsdl2-image <no-dsa> (Minor issue)
+ [stretch] - sdl-image1.2 <no-dsa> (Minor issue)
+ [jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
CVE-2018-3976
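Review bot: the four added `<no-dsa> (Minor issue)` lines sit under a description that reads "An exploitable code execution vulnerability exists in the XCF image ...", and the only stated basis for that classification is the private correspondence mentioned in the commit message. Suggest adding a NOTE line under the entry that records why the issue is considered minor for stretch and jessie, so the triage decision can be audited from data/CVE/list alone.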
=====================================
data/dla-needed.txt
=====================================
@@ -50,8 +50,6 @@ liblivemedia (Hugo Lefeuvre)
NOTE: CVE entry says remote: "no", but it looks like a pretty exploitable remote vulnerability
NOTE: (remote code execution)... CVE is very well documented so I think this is worth a patch
--
-libsdl2-image (Chris Lamb)
---
linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
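Review bot: the removal of `libsdl2-image (Chris Lamb)` leaves nothing in this file to show why the package no longer needs a DLA, and neither commit message mentions data/dla-needed.txt. The justification is the `[jessie] - libsdl2-image <no-dsa> (Minor issue)` line added in data/CVE/list; consider stating in the commit message that the claim is dropped because of that no-dsa decision.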
@@ -77,8 +75,6 @@ qemu (Santiago)
--
salt (Mike Gabriel)
--
-sdl-image1.2 (Chris Lamb)
---
spamassassin (Antoine Beaupre)
--
squid3 (Abhijith PA)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/465b26aee51d43e3c9bc0a51e7ab160dfbbca4be...f65b1d847ae2bd0cd2113907bc6f3075e145e428