[Git][security-tracker-team/security-tracker][master] Triage results.

Ola Lundqvist opal at debian.org
Wed Sep 19 19:23:28 BST 2018


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f6079f9 by Ola Lundqvist at 2018-09-19T18:23:00Z
Triage results.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,11 +169,15 @@ CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
 CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
 	- tiff <unfixed> (bug #909037)
 	- tiff3 <removed>
+	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
+	[jessie] - tiff <postponed> (Can be fixed along in future DLA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
 	- tiff <unfixed> (bug #909038)
 	- tiff3 <removed>
+	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
+	[jessie] - tiff <postponed> (Can be fixed along in future DLA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
 CVE-2018-17099
@@ -199,6 +203,7 @@ CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
 CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...)
 	- audiofile <unfixed>
+	[jessie] - audiofile <postponed> (Can be fixed along in future DLA)
 	NOTE: https://github.com/mpruett/audiofile/issues/50
 	NOTE: https://github.com/mpruett/audiofile/issues/51
 CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
@@ -406,6 +411,8 @@ CVE-2018-17001
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
 	- tiff <unfixed> (bug #908778)
 	- tiff3 <removed>
+	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
+	[jessie] - tiff <postponed> (Can be fixed along in future DLA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
 CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write ...)
 	- nasm <unfixed> (unimportant)
@@ -7075,6 +7082,7 @@ CVE-2018-14321
 	RESERVED
 CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive ...)
 	- libpodofo <unfixed>
+	[jessie] - libpodofo <ignored> (Minor issue)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
 CVE-2018-14319
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f6079f9eaa4b5c6e230517272ed1096d61323ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f6079f9eaa4b5c6e230517272ed1096d61323ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180919/6b6aa1f4/attachment.html>


More information about the debian-security-tracker-commits mailing list