[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1785{0,1}/libjsoncpp

Salvatore Bonaccorso carnil at debian.org
Tue Oct 2 22:25:50 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60e97442 by Salvatore Bonaccorso at 2018-10-02T21:24:00Z
Add CVE-2018-1785{0,1}/libjsoncpp

Not convinced that they are actually security issues, the library should
not use assertions in the first place. For now tracking them as such. In
case the CVEs are either REJECTED which means we can remove the source
package tracking, or disputed, where we then can possibly downgrade
severity to unimportant. For now leaving as such.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,9 +79,13 @@ CVE-2018-17853
 CVE-2018-17852 (A SQL injection was discovered in WUZHI CMS 4.1.0 in ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-17851 (An issue was discovered in JsonCpp 1.8.4. An unhandled exception ...)
-	TODO: check
+	- libjsoncpp <unfixed>
+	[stretch] - libjsoncpp <no-dsa> (Minor issue)
+	NOTE: https://github.com/open-source-parsers/jsoncpp/issues/823
 CVE-2018-17850 (An issue was discovered in JsonCpp 1.8.4. An unhandled exception ...)
-	TODO: check
+	- libjsoncpp <unfixed>
+	[stretch] - libjsoncpp <no-dsa> (Minor issue)
+	NOTE: https://github.com/open-source-parsers/jsoncpp/issues/824
 CVE-2018-17849
 	RESERVED
 CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60e974421d5f9a9a536ac675e95a7ed37b908d5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60e974421d5f9a9a536ac675e95a7ed37b908d5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181002/5afc592d/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list