[Git][security-tracker-team/security-tracker][master] Add CVE-2018-17828/zziplib
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 3 22:32:42 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65bdb7f7 by Salvatore Bonaccorso at 2018-10-03T21:32:03Z
Add CVE-2018-17828/zziplib
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -296,7 +296,9 @@ CVE-2018-17830 (The $args variable in addons/mediapool/pages/index.php in REDAXO
CVE-2018-17829
RESERVED
CVE-2018-17828 (Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...)
- TODO: check
+ - zziplib <unfixed> (unimportant)
+ NOTE: https://github.com/gdraheim/zziplib/issues/62
+ NOTE: unzzipcat-mem not installed into the binary packages
CVE-2018-17827 (HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by ...)
NOT-FOR-US: HisiPHP
CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65bdb7f79b74b96f7d858bb3bc3e10a52f3c0164
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65bdb7f79b74b96f7d858bb3bc3e10a52f3c0164
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181003/c7603754/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list