[Git][security-tracker-team/security-tracker][master] Add upstream tag information for various zziplib CVEs
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 3 12:52:25 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7c38d07 by Salvatore Bonaccorso at 2019-03-03T12:51:51Z
Add upstream tag information for various zziplib CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54935,21 +54935,21 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory lea
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/40
- NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
+ NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused ...)
- zziplib <unfixed> (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/41
- NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
+ NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
- zziplib <unfixed> (low; bug #913165)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/39
- NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
+ NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 (v0.13.69)
CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
- piwigo <removed>
NOTE: https://github.com/Piwigo/Piwigo/issues/872
@@ -57802,7 +57802,7 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
- NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...)
NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script
CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...)
@@ -58843,7 +58843,7 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
- zziplib <unfixed> (unimportant)
NOTE: https://github.com/gdraheim/zziplib/issues/17
- NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e
+ NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
- zziplib <unfixed> (bug #889089)
@@ -58851,14 +58851,14 @@ CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a .
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
- NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
- zziplib <unfixed> (bug #923659)
[stretch] - zziplib <no-dsa> (Minor issue)
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/15
- NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07
+ NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07 (v0.13.68)
CVE-2018-6539
RESERVED
CVE-2018-6538
@@ -59118,7 +59118,7 @@ CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus err
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/14
- NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
+ NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6483
RESERVED
CVE-2018-6482
@@ -59361,7 +59361,7 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by inval
[jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/12
- NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598
+ NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598 (v0.13.68)
CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...)
NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7c38d07bc6fba5f8620f2525ba593e49b04bd5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b7c38d07bc6fba5f8620f2525ba593e49b04bd5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190303/3f77f25f/attachment.html>
More information about the debian-security-tracker-commits
mailing list