[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-14048/libpng1.6 as unimportant

Salvatore Bonaccorso carnil at debian.org
Mon Feb 4 16:37:12 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e11fc77 by Salvatore Bonaccorso at 2019-02-04T16:36:00Z
Mark CVE-2018-14048/libpng1.6 as unimportant

The reason for the unimportant severity is that the underlying issue is
actually in the use of the libpng library by the pnm2png tool, which is
not shipped in the binary packages produced.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32818,11 +32818,10 @@ CVE-2018-14050 (An issue has been found in libwav through 2017-04-20. It is a SE
 CVE-2018-14049 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
 	NOT-FOR-US: libwav
 CVE-2018-14048 (An issue has been found in libpng 1.6.34. It is a SEGV in the function ...)
-	- libpng1.6 <unfixed>
-	[stretch] - libpng1.6 <no-dsa> (Minor issue)
-	- libpng <removed>
-	[jessie] - libpng <no-dsa> (Minor issue)
+	- libpng1.6 <unfixed> (unimportant)
+	- libpng <removed> (unimportant)
 	NOTE: https://github.com/glennrp/libpng/issues/238
+	NOTE: Issue in use of libpng in pnm2png not shipped in binary packages.
 CVE-2018-14047 (** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEGV ...)
 	- pngwriter <removed>
 	NOTE: https://github.com/pngwriter/pngwriter/issues/129
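
Review bot: The added NOTE under CVE-2018-14048 gives one rationale, but the hunk attaches (unimportant) to both "- libpng1.6 <unfixed>" and "- libpng <removed>", and the NOTE does not say which source package the pnm2png claim was checked against. Consider stating that pnm2png is shipped in neither package's binary packages, or naming the package that was checked. The wording could also follow the commit message more closely, for example "Issue is in the use of libpng by the pnm2png tool, which is not shipped in the binary packages", so that a reader of data/CVE/list sees the flaw is in the tool's use of the library and not in the library code that ships.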



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e11fc77d45702c400a35263b023c65453f9b2ef
