[Git][security-tracker-team/security-tracker][master] Add fixed version for openjpeg2 issues in via unstable
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 10 19:49:14 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1da13459 by Salvatore Bonaccorso at 2019-03-10T19:48:44Z
Add fixed version for openjpeg2 issues in via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28275,7 +28275,7 @@ CVE-2018-18089
RESERVED
CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the ...)
{DLA-1579-1}
- - openjpeg2 <unfixed> (low; bug #910763)
+ - openjpeg2 2.3.0-2 (low; bug #910763)
NOTE: https://github.com/uclouvain/openjpeg/issues/1152
NOTE: https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
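Review bot: the commit message does not say where 2.3.0-2 comes from, and the changed openjpeg2 line under CVE-2018-18088 is the first place a reader needs that. The entry already points at upstream commit cab352e249ed3372dd9355c85e837613fff98fa2 and bug #910763; a short mention in the commit message that the 2.3.0-2 upload closes the listed bugs would let the version be checked against the package changelog instead of being taken on trust.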
@@ -37782,7 +37782,7 @@ CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport disp
NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1
CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, ...)
{DLA-1614-1}
- - openjpeg2 <unfixed> (low; bug #904873)
+ - openjpeg2 2.3.0-2 (low; bug #904873)
NOTE: https://github.com/uclouvain/openjpeg/issues/1123
NOTE: https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
@@ -58986,7 +58986,7 @@ CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local
NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the ...)
{DLA-1614-1}
- - openjpeg2 <unfixed> (bug #889683)
+ - openjpeg2 2.3.0-2 (bug #889683)
NOTE: https://github.com/uclouvain/openjpeg/issues/1059
NOTE: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
CVE-2018-6615
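Review bot: the openjpeg2 line for CVE-2018-6616 carries only `(bug #889683)` with no urgency, while the lines changed for CVE-2018-18088, CVE-2018-14423 and CVE-2018-5785 in this same commit are all marked `low`. The omission predates this change, but since the line is being touched anyway, either set the urgency here or confirm that leaving it unassigned is intended.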
@@ -61856,7 +61856,7 @@ CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop an
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
- - openjpeg2 <unfixed> (low; bug #888533)
+ - openjpeg2 2.3.0-2 (low; bug #888533)
[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/uclouvain/openjpeg/issues/1057
NOTE: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
@@ -74428,7 +74428,7 @@ CVE-2017-17481
RESERVED
CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
{DLA-1579-1}
- - openjpeg2 <unfixed> (bug #884738)
+ - openjpeg2 2.3.0-2 (bug #884738)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
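Review bot: CVE-2017-17479, the trailing context line of this hunk, is described as the same kind of issue (a stack-based buffer overflow in OpenJPEG 2.3.0) as CVE-2017-17480, yet its package line is not part of the change. It also has no urgency on the changed line `- openjpeg2 2.3.0-2 (bug #884738)`. Please check whether the CVE-2017-17479 entry should also move from `<unfixed>` to 2.3.0-2, or state why it is left out.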
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1da134596eaa1e0ccd48d638a42934d6c4118ac6