[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18384/unzip
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 16 21:37:06 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1523ba5a by Salvatore Bonaccorso at 2018-10-16T20:36:28Z
Add CVE-2018-18384/unzip
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,7 +30,13 @@ CVE-2018-18385 (Asciidoctor v1.5.7.1 allows remote attackers to cause a denial o
- asciidoctor <unfixed>
NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
CVE-2018-18384 (Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive ...)
- TODO: check
+ - unzip 6.0-11 (bug #741384)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1110194
+ NOTE: https://sourceforge.net/p/infozip/bugs/53/
+ NOTE: The cfactorstr buffer was already increased to 12 with the
+ NOTE: 07-increase-size-of-cfactorstr.patch patch as applied for #741384
+ NOTE: Upstream confirmed as well this is indeed enough as per
+ NOTE: https://sourceforge.net/p/infozip/bugs/53/#ba07
CVE-2018-18383
RESERVED
CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1523ba5a6bf493d43d7aa4cae29a40bec0f87206
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1523ba5a6bf493d43d7aa4cae29a40bec0f87206
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181016/5e2180cb/attachment.html>
More information about the debian-security-tracker-commits
mailing list