[Git][security-tracker-team/security-tracker][master] new r-cran-readxl issues

Moritz Muehlenhoff jmm at debian.org
Mon Jan 14 22:39:34 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d07d829f by Moritz Muehlenhoff at 2019-01-14T22:39:00Z
new r-cran-readxl issues
more retroactively assigned Chromium CVE IDs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6656,11 +6656,11 @@ CVE-2018-20454 (An issue was discovered in 74cms v4.2.111. ...)
 CVE-2018-20453 (The getlong function in numutils.c in libdoc through 2017-10-23 has a ...)
 	TODO: check, potentially affects src:catdoc
 CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid ...)
-	TODO: check, potentially affects src:r-cran-readxl
+	- r-cran-readxl <unfixed> (bug #919324)
 CVE-2018-20451 (The process_file function in reader.c in libdoc through 2017-10-23 has ...)
 	TODO: check, potentially affects src:catdoc
 CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double free that ...)
-	TODO: check, potentially affects src:r-cran-readxl
+	- r-cran-readxl <unfixed> (bug #919324)
 CVE-2018-20449
 	RESERVED
 CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the ...)
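Review bot: The two new "- r-cran-readxl <unfixed> (bug #919324)" lines under CVE-2018-20452 and CVE-2018-20450 do not record how r-cran-readxl relates to libxls, which is the component both descriptions name (ole.c in libxls 1.4.0). A short NOTE line stating that relationship would let a later reader verify the triage without opening the bug. Both entries also point at the same bug number, so it is worth confirming that the one report is meant to cover both issues.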
@@ -9850,19 +9850,20 @@ CVE-2018-20073 [chromium stores download meta data in extended attributes]
 CVE-2018-20072
 	RESERVED
 CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app ...)
-	TODO: check
+	- chromium-browser 70.0.3538.67-1
+	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...)
-	TODO: check
+	- chromium 71.0.3578.80-1
 CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...)
-	TODO: check
+	- chromium <not-affected> (Specific to iOS)
 CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...)
-	TODO: check
+	- chromium 71.0.3578.80-1
 CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...)
-	TODO: check
+	- chromium 71.0.3578.80-1
 CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to ...)
-	TODO: check
+	- chromium 71.0.3578.80-1
 CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to ...)
-	TODO: check
+	- chromium 71.0.3578.80-1
 CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via ...)
 	NOT-FOR-US: doorGets
 CVE-2018-20063
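Review bot: CVE-2018-20071 gets a "[jessie] - chromium-browser <end-of-life>" line, but the five entries fixed in 71.0.3578.80-1 (CVE-2018-20070, -20068, -20067, -20066, -20065) get none and are recorded under the source name "chromium" rather than "chromium-browser". If the source package name differs between the 70.x and 71.x uploads, that is fine, but please confirm that the jessie status of chromium-browser is covered for those five entries as well, for example with the same end-of-life line used on CVE-2018-20071.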


=====================================
data/DSA/list
=====================================
@@ -51,7 +51,7 @@
 	{CVE-2018-14851 CVE-2018-14883 CVE-2018-17082 CVE-2018-19518 CVE-2018-19935}
 	[stretch] - php7.0 7.0.33-0+deb9u1
 [07 Dec 2018] DSA-4352-1 chromium-browser - security update
-	{CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20346}
+	{CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 CVE-2018-20346 CVE-2018-20070 CVE-2018-20068 CVE-2018-20067 CVE-2018-20066 CVE-2018-20065}
 	[stretch] - chromium-browser 71.0.3578.80-1~deb9u1
 [07 Dec 2018] DSA-4351-1 libphp-phpmailer - security update
 	{CVE-2018-19296}
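Review bot: The five IDs appended to the DSA-4352-1 set after CVE-2018-20346 (CVE-2018-20070, -20068, -20067, -20066, -20065) are in descending order and follow a higher-numbered ID, while the rest of the set is ascending. Sorting them into place before CVE-2018-20346 would keep the line easier to scan and to diff on the next change. CVE-2018-20069 is left out, which matches its "<not-affected> (Specific to iOS)" entry in data/CVE/list.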
@@ -119,7 +119,7 @@
 	{CVE-2018-16839 CVE-2018-16842}
 	[stretch] - curl 7.52.1-5+deb9u8
 [02 Nov 2018] DSA-4330-1 chromium-browser - security update
-	{CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477}
+	{CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-20071}
 	[stretch] - chromium-browser 70.0.3538.67-1~deb9u1
 [28 Oct 2018] DSA-4329-1 teeworlds - security update
 	{CVE-2018-18541}
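Review bot: The CVE-2018-20071 addition to the DSA-4330-1 set, like the Chromium lines in data/CVE/list, is unrelated to the r-cran-readxl triage that the commit subject names; consider a separate commit so that each subject line describes its change. The cross-reference itself is consistent with the rest of the patch: data/CVE/list records the fix in 70.0.3538.67-1 and this DSA lists 70.0.3538.67-1~deb9u1 for stretch.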



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d07d829f0feff4ded71b9be99ab445364c793670
