[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19208/libwpd

Wed Nov 14 07:13:30 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d180a0d6 by Salvatore Bonaccorso at 2018-11-14T06:39:35Z
Add CVE-2018-19208/libwpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -342,7 +342,9 @@ CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392522
 	NOTE: No security impact, crash in CLI tool
 CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function ...)
-	TODO: check
+	- libwpd <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643752
+	NOTE: Patch used in Fedora: https://src.fedoraproject.org/rpms/libwpd/raw/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch
 CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...)
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d180a0d662be0f2d9c505c28dc63fd35a956f9c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d180a0d662be0f2d9c505c28dc63fd35a956f9c8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181114/a2e0f3d7/attachment.html>
