[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1587{8,9}/libgd2

Thu Jun 20 21:44:54 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3475d909 by Salvatore Bonaccorso at 2019-06-20T20:43:29Z
Add CVE-2018-1587{8,9}/libgd2

They are related to the same upstream issue as CVE-2018-1000222 and it's
a bit unclear why two more CVEs were assigned. The assigning CNA is in
all three cases MITRE itself.

Opened a question to MITRE if they are duplicate or try to understand
the multiple assignments.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43958,9 +43958,15 @@ CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate che
 CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output fi ...)
 	NOT-FOR-US: Joomla!
 CVE-2018-15879 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
-	TODO: check
+        - libgd2 2.2.5-4.1 (low)
+        [stretch] - libgd2 2.2.4-2+deb9u3
+        NOTE: https://github.com/libgd/libgd/issues/447
+        NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2018-15878 (The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vu ...)
-	TODO: check
+        - libgd2 2.2.5-4.1 (low)
+        [stretch] - libgd2 2.2.4-2+deb9u3
+        NOTE: https://github.com/libgd/libgd/issues/447
+        NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
 CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary fi ...)
 	NOT-FOR-US: Joomla addon
 CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...)


=====================================
data/DLA/list
=====================================
@@ -543,7 +543,7 @@
 	{CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750}
 	[jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u5
 [30 Jan 2019] DLA-1651-1 libgd2 - security update
-	{CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978}
+	{CVE-2018-5711 CVE-2018-1000222 CVE-2019-6977 CVE-2019-6978 CVE-2018-15878 CVE-2018-15879}
 	[jessie] - libgd2 2.1.0-5+deb8u12
 [30 Jan 2019] DLA-1650-1 rssh - security update
 	{CVE-2019-1000018}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3475d9099bcb3829cce2fbf34cdd183a278eab2b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3475d9099bcb3829cce2fbf34cdd183a278eab2b
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190620/ffc7fd15/attachment-0001.html>
