[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20573/yaml-cpp0.3

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 20:15:06 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5d2c1eb by Salvatore Bonaccorso at 2019-01-03T20:14:50Z
Add CVE-2018-20573/yaml-cpp0.3

Note that the issue is somehow covered, the crash2 does not trigger the
exact backtrace to verify the issue. The code looks affected though and
similar in both variants.

Keep an eye on the upstream issue and the respective to-be-filed Debian bug
for updates from the respective maintainers in case this initial triage
was wrong.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1218,8 +1218,9 @@ CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka ...
 CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) ...)
 	- yaml-cpp <unfixed> (low)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
+	- yaml-cpp0.3 <unfixed> (low)
+	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/655
-	TODO: check yaml-cpp0.3
 CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a ...)
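
Review bot: The two added yaml-cpp0.3 lines under CVE-2018-20573 record the package as affected, but the removed "TODO: check yaml-cpp0.3" was the only marker in the file that this status is unverified, and the commit message says the reproducer did not trigger the exact backtrace. Consider adding a NOTE line under the entry stating that the yaml-cpp0.3 status rests on the code looking similar rather than on a reproduced crash, so a later reader of data/CVE/list sees the uncertainty without consulting the commit log. The yaml-cpp0.3 "<unfixed> (low)" line also has no bug reference; once the Debian bug mentioned in the commit message is filed, its number should be attached to that line.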



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5d2c1eb7717f41a17285faa19f1a088d93e37af
