[Git][security-tracker-team/security-tracker][master] Add three new hdf5 CVEs
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 20 20:17:09 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
caf21307 by Salvatore Bonaccorso at 2018-09-20T19:15:09Z
Add three new hdf5 CVEs
Keeping them as undetermined as they are all from same reporter not
specifying if upstream has been informed. The issues need first to be
made aware for upstream.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,14 +11,20 @@ CVE-2018-17239
CVE-2018-17238
RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
TODO: check
CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...)
TODO: check
CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in ...)
TODO: check
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
TODO: check
CVE-2018-17233 (A SIGFPE signal is raised in the function ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
TODO: check
CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 Slack ...)
NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
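Review bot: the reason for `<undetermined>` on CVE-2018-17237, CVE-2018-17234 and CVE-2018-17233 is stated only in the commit message, while each entry keeps a bare `TODO: check` that does not say what is still outstanding. Consider recording it in the list itself, for example a NOTE under each hdf5 line saying that it is unclear whether upstream has been informed, so that the next person triaging the entry sees why it is parked. The three NOTE URLs also point at the moving `master` branch of the reporter's repository, and mix a `blob/master/HDF5/README.md#...` link with `tree/master/HDF5/vulnN#...` links; a link pinned to a commit, in one consistent form, would survive the reporter reorganising the repository.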
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/caf213078cbfd29fe101cddb463b8094688d65d5