[Git][security-tracker-team/security-tracker][master] openexr no-dsa

Moritz Muehlenhoff jmm at debian.org
Wed Oct 24 22:24:23 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c030c22 by Moritz Muehlenhoff at 2018-10-24T21:23:39Z
openexr no-dsa
thunar non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -459,8 +459,8 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of
 	NOTE: Issue in exrmultiview which is not installed in the binary package.
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
 	- openexr <unfixed>
+	[stretch] - openexr <no-dsa> (Minor issue)
 	NOTE: https://github.com/openexr/openexr/issues/350
-	TODO: check, the issue seems not located in the (not-installed) exrmultiview tool, but in library, but no upstream response yet
 CVE-2018-18442
 	RESERVED
 CVE-2018-18441
@@ -570,9 +570,9 @@ CVE-2018-18400
 CVE-2018-18399
 	RESERVED
 CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...)
-	- thunar <undetermined>
+	- thunar <unfixed> (unimportant)
 	NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
-	TODO: check, unclear/information lacking report, unclear if later thunar versions affected, unclear upstream reporting status
+	NOTE: no security impact, crash in end user tool
 CVE-2018-18397
 	RESERVED
 CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c030c22f45ead66fe1e4ccac5d85982cbecf478

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c030c22f45ead66fe1e4ccac5d85982cbecf478
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181024/a8eba0fc/attachment.html>

More information about the debian-security-tracker-commits mailing list