[Git][security-tracker-team/security-tracker][master] data/CVE: update openjpeg2 cve notes
Hugo Lefeuvre
hle at debian.org
Mon Nov 19 16:57:41 GMT 2018
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37127a30 by Hugo Lefeuvre at 2018-11-19T16:52:40Z
data/CVE: update openjpeg2 cve notes
Reference my patches for CVE-2017-17480 and CVE-2018-18088.
CVE-2018-5785 is actually not affecting Jessie, support for this BMP
version was added later.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3436,6 +3436,7 @@ CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red"
- openjpeg2 <unfixed> (low; bug #910763)
[stretch] - openjpeg2 <ignored> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1152
+ NOTE: https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
NOT-FOR-US: Bixie Portfolio plugin for Pagekit
CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the ...)
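Review bot: The NOTE added under CVE-2018-18088 is a bare commit URL with nothing saying what the commit is, while the package line above it still reads `- openjpeg2 <unfixed>`. From the entry alone a reader cannot tell whether cab352e2 is the fix for the NULL pointer dereference or some other related change. The CVE-2018-5785 hunk in this same change labels its commit ("vulnerable code introduced in"), so put a short label in front of this URL as well, stating that it is the fix.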
@@ -36539,8 +36540,11 @@ CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop an
NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
- openjpeg2 <unfixed> (low; bug #888533)
+ [jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/uclouvain/openjpeg/issues/1057
NOTE: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
+ NOTE: vulnerable code introduced in
+ NOTE: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8
CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
{DLA-1411-1 DLA-1391-1}
- tiff 4.0.9-4 (bug #890441)
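Review bot: The last two added lines of the CVE-2018-5785 entry split one statement across two NOTE records: `NOTE: vulnerable code introduced in` ends mid-sentence and only makes sense together with the URL on the following line. Read line by line, the entry now has a dangling note and a second commit URL (33a0e66e) that looks just like the ca16fe55 reference directly above it. Put the label and the URL on a single NOTE line so the introducing commit cannot be mistaken for a fix reference; the `[jessie]` line's reason ("Vulnerable code introduced later") then has one unambiguous record backing it.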
@@ -49040,6 +49044,7 @@ CVE-2017-17481
CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
- openjpeg2 <unfixed> (bug #884738)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
+ NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
- openjpeg2 <unfixed> (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
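Review bot: CVE-2017-17480 and the CVE-2017-17479 entry directly below it both reference issue #1044, but only 17480 receives the new commit NOTE, and the note does not say what 0bc90e40 covers. State in the entry that this commit is the fix for the 17480 stack-based buffer overflow, and if it does not touch the code path behind 17479, say so, so that nobody tracking #1044 assumes both are handled by the same commit.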
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37127a302c05120b8e33f357835419f2263a7456