[Git][security-tracker-team/security-tracker][master] openjpeg2: mark CVE-2018-5727 <ignored> in jessie

Hugo Lefeuvre hle at debian.org
Tue Jan 22 07:35:00 GMT 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43a071b7 by Hugo Lefeuvre at 2019-01-22T07:29:39Z
openjpeg2: mark CVE-2018-5727 <ignored> in jessie

This is a small ubsan integer overflow check failure, not even a crash. It
is very unclear whether there is a security impact at all (no buffer
overflow or whatsoever appears to follow this integer overflow, so this
might only be an issue with regard to output validity).

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -54047,6 +54047,7 @@ CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to
 	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the ...)
 	- openjpeg2 <unfixed> (low; bug #888532)
+	[jessie] - openjpeg2 <ignored> (Minor issue, security impact not clear)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1053
 CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain ...)
 	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
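
Review bot: the reason on the added `[jessie]` line, "Minor issue, security impact not clear", records less than the commit message does. The commit message says this is a UBSan integer overflow check failure with no crash, and that no buffer overflow appears to follow it. Consider adding a NOTE line under the CVE-2018-5727 entry with that basis, so anyone revisiting the <ignored> status can see why it was chosen without searching the commit log.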


=====================================
data/dla-needed.txt
=====================================
@@ -90,10 +90,6 @@ nss
   NOTE: 20181217: Contacted Mozilla security with a request for access to the BZ issue. (roberto)
   NOTE: 20190121: If you intend to take up this package, please email me and I will provide a detailed summary of what has been done so far. (roberto)
 --
-openjpeg2
-  NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either.
-  NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
---
 openssh
 --
 phpmyadmin (Lucas Kanashiro)
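
Review bot: the two removed NOTE lines under openjpeg2 hold the only record in the tracker data that the issue was investigated and "might not be easy to patch", and nothing in this change carries that over to data/CVE/list. If that finding should inform a later decision once an upstream patch exists, move it into a NOTE on the CVE-2018-5727 entry before dropping it here. The `--` separator between the nss and openssh entries is left intact, so the file layout is fine.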



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43a071b7bf5720248114b80b79ba553999728c6c
