[Git][security-tracker-team/security-tracker][master] libvorbis, tcpdf fixed
Moritz Muehlenhoff
jmm at debian.org
Mon Feb 25 22:34:47 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
964a6c1f by Moritz Muehlenhoff at 2019-02-25T22:34:25Z
libvorbis, tcpdf fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29470,7 +29470,7 @@ CVE-2018-17059
CVE-2018-17058
RESERVED
CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can trigger ...)
- - tcpdf <unfixed> (bug #908866)
+ - tcpdf 6.2.26+dfsg-1 (bug #908866)
[stretch] - tcpdf <no-dsa> (Minor issue)
[jessie] - tcpdf <ignored> (Minor issue)
NOTE: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
@@ -47223,7 +47223,7 @@ CVE-2018-10395
CVE-2018-10394
RESERVED
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a ...)
- - libvorbis <unfixed> (bug #876780)
+ - libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
[jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
@@ -47231,7 +47231,7 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a .
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
NOTE: Same patch as for CVE-2017-14160
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not ...)
- - libvorbis <unfixed> (bug #876780)
+ - libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
[jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
@@ -86378,7 +86378,7 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
- - libvorbis <unfixed> (bug #876780)
+ - libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
[jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/964a6c1f1923c315fd2b2cfabadf5d980763db8b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/964a6c1f1923c315fd2b2cfabadf5d980763db8b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190225/647856d1/attachment.html>
More information about the debian-security-tracker-commits
mailing list