[Git][security-tracker-team/security-tracker][master] Make clear flif in experimental is unfixed as for now
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 31 16:34:31 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4dab84c0 by Salvatore Bonaccorso at 2018-10-31T16:32:51Z
Make clear flif in experimental is unfixed as for now
The package is more or less dead upstream, and arguably it should be
removed from Debian maybe completely (even not in experimental).
Maintainer though explicitly wants it still in experimental. As such
make clear that all the issues are yet unfixed in the experimental
version. If the package will ever enter unstable again status needs to
be rechecked.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9706,6 +9706,7 @@ CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 20
CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
NOT-FOR-US: WeaselCMS
CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
+ [experimental] - flif <unfixed>
- flif <removed>
NOTE: https://github.com/FLIF-hub/FLIF/issues/520
CVE-2018-14875
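Review bot: The CVE-2018-14876 entry gets `[experimental] - flif <unfixed>` but has no Debian bug reference on either flif line; it is the only flif entry in this patch where `- flif <removed>` carries no `(bug #...)`. With the package staying in experimental, nothing in the tracker ties this open issue to a Debian bug. If a bug exists, reference it as the other entries do; otherwise consider filing one so the unfixed status can be tracked.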
@@ -16922,6 +16923,7 @@ CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe EF
CVE-2018-12110 (portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php ...)
NOT-FOR-US: portfolioCMS
CVE-2018-12109 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #902196)
NOTE: https://github.com/FLIF-hub/FLIF/issues/513
CVE-2018-12108 (An issue was discovered in Dropbox Lepton 1.2.1. The ...)
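Review bot: The reason for the added `[experimental] - flif <unfixed>` line under CVE-2018-12109, and the condition for revisiting it, are recorded only in the commit message ("If the package will ever enter unstable again status needs to be rechecked"). A reader of data/CVE/list sees `<unfixed>` directly above `<removed>` with no explanation. A short NOTE line under the entry saying that flif is kept in experimental at the maintainer's request and that the status must be rechecked if it re-enters unstable would keep that context with the data. The same applies to the other four entries touched by this commit.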
@@ -18533,6 +18535,7 @@ CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux ke
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
NOTE: Fixed by: https://git.kernel.org/linus/0a0b98734479aa5b3c671d5190e86273372cab95
CVE-2018-11507 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #902188)
NOTE: https://github.com/FLIF-hub/FLIF/issues/509
CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel ...)
@@ -19955,9 +19958,11 @@ CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X
CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract ...)
NOT-FOR-US: KoreaShow
CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #898407)
NOTE: https://github.com/FLIF-hub/FLIF/issues/503
CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
+ [experimental] - flif <unfixed>
- flif <removed> (bug #898406)
NOTE: https://github.com/FLIF-hub/FLIF/issues/501
CVE-2018-10970
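Review bot: Coverage needs confirming for the claim that all flif issues are now marked unfixed in experimental; this hunk adds the line to CVE-2018-10972 and CVE-2018-10971, and the patch as a whole touches five entries (with CVE-2018-14876, CVE-2018-12109 and CVE-2018-11507). Please check that no other entry in data/CVE/list still has a `- flif <removed>` line without the matching `[experimental] - flif <unfixed>` line, for example by searching the file for flif.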
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4dab84c0ad953e5674b1aae53864bf7482087c50