[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Moritz Muehlenhoff jmm at debian.org
Tue Jan 14 20:15:44 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee13aded by Moritz Muehlenhoff at 2020-01-14T21:14:53+01:00
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24257,17 +24257,17 @@ CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execut
 CVE-2019-16397
 	RESERVED
 CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
-	- gnucobol <unfixed> (bug #940950)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #940950)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/587/
 CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
-	- gnucobol <unfixed> (bug #940949)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #940949)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/586/
 CVE-2019-16390
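Review bot: the `[buster] - gnucobol <ignored> (Minor issue)` and `[stretch] - open-cobol <ignored> (Minor issue)` lines under CVE-2019-16396 and CVE-2019-16395 keep the generic "Minor issue" reason carried over from `<no-dsa>`. Since `<ignored>` records that no fix is planned for that release at all, a reason specific to these two flaws (a use-after-free and a stack-based buffer overflow, per the descriptions) would let a later reader judge the decision without reopening bugs #940950 and #940949.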
@@ -30052,10 +30052,10 @@ CVE-2019-14543
 CVE-2019-14542
 	RESERVED
 CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...)
-	- gnucobol <unfixed> (bug #933884)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #933884)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
 CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
@@ -30106,10 +30106,10 @@ CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR b
 CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
 	NOT-FOR-US: OpenEMR
 CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
-	- gnucobol <unfixed> (bug #933884)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #933884)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/583/
 CVE-2019-14527 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
@@ -30256,10 +30256,10 @@ CVE-2019-14488
 CVE-2019-14487
 	RESERVED
 CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...)
-	- gnucobol <unfixed> (bug #933884)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #933884)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/582/
 CVE-2019-14485
@@ -30297,10 +30297,10 @@ CVE-2019-14470 (cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used i
 CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...)
 	NOT-FOR-US: Nexus Repository Manager
 CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
-	- gnucobol <unfixed> (bug #933884)
-	[buster] - gnucobol <no-dsa> (Minor issue)
+	- gnucobol <unfixed> (low; bug #933884)
+	[buster] - gnucobol <ignored> (Minor issue)
 	- open-cobol <removed>
-	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[stretch] - open-cobol <ignored> (Minor issue)
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
 CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
@@ -47708,19 +47708,19 @@ CVE-2019-9088
 	RESERVED
 CVE-2019-9087 (HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php nu ...)
 	- hoteldruid 2.3.2-1
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
 CVE-2019-9086 (HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle ...)
 	- hoteldruid 2.3.2-1
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
 CVE-2019-9085 (Hoteldruid before v2.3.1 allows remote authenticated users to cause a  ...)
 	- hoteldruid 2.3.2-1
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
 CVE-2019-9084 (In Hoteldruid before 2.3.1, a division by zero was discovered in $num_ ...)
 	- hoteldruid 2.3.2-1
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (low popcon)
 CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanage ...)
 	NOT-FOR-US: SQLiteManager
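Review bot: the unstable lines `- hoteldruid 2.3.2-1` for CVE-2019-9087 through CVE-2019-9084 still carry no urgency, while the gnucobol and x265 entries in this same commit gain `low` together with the switch to `<ignored>`. Suggest `- hoteldruid 2.3.2-1 (low)` for consistency, or, for the two SQL injection entries (CVE-2019-9087, CVE-2019-9086), a reason more specific than "Minor issue" for why stretch will not be fixed.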
@@ -48232,7 +48232,7 @@ CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext para
 	NOT-FOR-US: VertrigoServ
 CVE-2019-8937 (HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, ori ...)
 	- hoteldruid 2.3.2-1 (bug #929136)
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.exploit-db.com/exploits/46429/
 CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
@@ -62918,7 +62918,7 @@ CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a C
 	NOTE: https://github.com/OpenKMIP/PyKMIP/issues/430
 CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL I ...)
 	- hoteldruid 2.3.0-2 (low; bug #917099)
-	[stretch] - hoteldruid <no-dsa> (Minor issue)
+	[stretch] - hoteldruid <ignored> (Minor issue)
 	[jessie] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.exploit-db.com/exploits/45976
 CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in / ...)
@@ -68709,7 +68709,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
 	{DLA-1632-1}
 	- libsndfile 1.0.28-5 (bug #917416)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
 	NOTE: https://github.com/erikd/libsndfile/issues/435
 	NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
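Review bot: CVE-2018-19758 already lists `{DLA-1632-1}` and an upstream fix commit in its NOTE lines, so a patch is available, yet `[stretch] - libsndfile <ignored> (Minor issue)` does not say why it will not be applied to stretch. Consider stating the reason in the parentheses, or using `<postponed>` if the fix is meant to be folded into a later stretch update.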
@@ -68940,14 +68940,14 @@ CVE-2018-19663
 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
 	{DLA-1618-1}
 	- libsndfile 1.0.28-5 (low)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
 CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
 	{DLA-1618-1}
 	- libsndfile 1.0.28-5 (low)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
@@ -82223,25 +82223,25 @@ CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation Vuln
 	NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in  ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/co ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkb ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/4e2ee9c3f6050d773f8bbe05bc0edb17f1ff8371
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xk ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
@@ -82249,43 +82249,43 @@ CVE-2018-15860
 	RESERVED
 CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ExprResolve ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
 CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in CopyKeyA ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15857 (An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15856 (An infinite loop when reaching EOL unexpectedly in compose/parser.c (a ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15855 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15854 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
 CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcomm ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
-	[stretch] - libxkbcommon <no-dsa> (Minor issue)
+	[stretch] - libxkbcommon <ignored> (Minor issue)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
@@ -85295,7 +85295,7 @@ CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version 4.6
 	NOT-FOR-US: Keycloak
 CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic for other  ...)
 	- neutron 2:13.0.0-1 (low)
-	[stretch] - neutron <no-dsa> (Minor issue)
+	[stretch] - neutron <ignored> (Minor issue)
 	[jessie] - neutron <ignored> (Minor issue)
 CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants are abl ...)
 	- neutron 2:13.0.0-1
@@ -89591,10 +89591,10 @@ CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed i
 	NOTE: binutils not covered by security support
 CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
 	- wine 4.0~rc1-1 (low)
-	[stretch] - wine <no-dsa> (Minor issue)
+	[stretch] - wine <ignored> (Minor issue)
 	[jessie] - wine <postponed> (Minor issue)
 	- wine-development 3.8-1 (low)
-	[stretch] - wine-development <no-dsa> (Minor issue)
+	[stretch] - wine-development <ignored> (Minor issue)
 	[jessie] - wine-development <no-dsa> (Minor issue)
 	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45106
 	NOTE: https://bugs.winehq.org/attachment.cgi?id=61285
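Review bot: under CVE-2018-12933, `[stretch] - wine <ignored>` now sits directly above `[jessie] - wine <postponed>`, so the older release is recorded as deferred while the newer one is recorded as not to be fixed. If the asymmetry is intended because this commit only triages buster/stretch, fine; otherwise the two lines should be aligned, and the same applies to the identical pair under CVE-2018-12932.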
@@ -89602,10 +89602,10 @@ CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attack
 	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
 CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
 	- wine 4.0~rc1-1 (low)
-	[stretch] - wine <no-dsa> (Minor issue)
+	[stretch] - wine <ignored> (Minor issue)
 	[jessie] - wine <postponed> (Minor issue)
 	- wine-development 3.8-1 (low)
-	[stretch] - wine-development <no-dsa> (Minor issue)
+	[stretch] - wine-development <ignored> (Minor issue)
 	[jessie] - wine-development <no-dsa> (Minor issue)
 	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45105
 	NOTE: https://bugs.winehq.org/attachment.cgi?id=61284
@@ -90357,12 +90357,11 @@ CVE-2018-1000548 (Umlet version < 14.3 contains a XML External Entity (XXE) v
 CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control vu ...)
 	NOT-FOR-US: CoreBOS
 CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XX ...)
-	- triplea <unfixed> (low; bug #902719)
-	[stretch] - triplea <no-dsa> (Minor issue)
-	[jessie] - triplea <no-dsa> (Minor issue)
+	- triplea <unfixed> (unimportant; bug #902719)
 	NOTE: https://0dd.zone/2018/05/31/TripleA-XXE/
 	NOTE: https://github.com/triplea-game/triplea/issues/3442
 	NOTE: https://github.com/triplea-game/triplea/pull/4516
+	NOTE: Per https://github.com/triplea-game/triplea/issues/3442#issuecomment-451654646 no security impact
 CVE-2018-1000545
 	REJECTED
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...)
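Review bot: the added `NOTE: Per https://github.com/triplea-game/triplea/issues/3442#issuecomment-451654646 no security impact` justifies the move to `unimportant` only by pointing at an issue comment. Summarising the upstream reasoning in the NOTE itself would keep the entry self-explanatory if the link moves, and the existing `NOTE: https://github.com/triplea-game/triplea/issues/3442` line could be folded into it since both reference the same issue.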
@@ -127752,7 +127751,7 @@ CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...)
 	- swftools <removed>
-	[stretch] - swftools <no-dsa> (Minor issue)
+	[stretch] - swftools <ignored> (Minor issue)
 	[jessie] - swftools <no-dsa> (Minor issue)
 	[wheezy] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/33
@@ -127762,7 +127761,7 @@ CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
 	- swftools <removed>
-	[stretch] - swftools <no-dsa> (Minor issue)
+	[stretch] - swftools <ignored> (Minor issue)
 	[jessie] - swftools <no-dsa> (Minor issue)
 	[wheezy] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/23
@@ -128196,7 +128195,7 @@ CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in m
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properl ...)
 	- swftools <removed>
-	[stretch] - swftools <no-dsa> (Minor issue)
+	[stretch] - swftools <ignored> (Minor issue)
 	[jessie] - swftools <no-dsa> (Minor issue)
 	[wheezy] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/51
@@ -128212,7 +128211,7 @@ CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not pr
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not  ...)
 	- swftools <removed>
-	[stretch] - swftools <no-dsa> (Minor issue)
+	[stretch] - swftools <ignored> (Minor issue)
 	[jessie] - swftools <no-dsa> (Minor issue)
 	[wheezy] - swftools <no-dsa> (Minor issue)
 	NOTE: https://github.com/matthiaskramm/swftools/issues/47
@@ -134746,7 +134745,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord
 CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...)
 	{DLA-1618-1}
 	- libsndfile 1.0.28-5 (bug #876783)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/318
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
@@ -135903,14 +135902,14 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon
 CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...)
 	{DLA-1618-1}
 	- libsndfile 1.0.28-5 (low; bug #876682)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/317
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...)
 	{DLA-1618-1}
 	- libsndfile 1.0.28-5 (low; bug #876682)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/317
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
@@ -138807,8 +138806,8 @@ CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection
 CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ov ...)
 	NOT-FOR-US: libbpg
 CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg  ...)
-	- x265 2.6-3
-	[stretch] - x265 <no-dsa> (Minor issue)
+	- x265 2.6-3 (low)
+	[stretch] - x265 <ignored> (Minor issue)
 	NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1
 	NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135
 	NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
@@ -145082,7 +145081,7 @@ CVE-2017-11197
 CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
 	{DLA-1049-1}
 	- libsndfile 1.0.28-3 (bug #869166)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	[jessie] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/292
 	NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
@@ -158711,7 +158710,7 @@ CVE-2017-6893
 CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...)
 	{DLA-985-1}
 	- libsndfile 1.0.28-1 (bug #864704)
-	[stretch] - libsndfile <no-dsa> (Minor issue)
+	[stretch] - libsndfile <ignored> (Minor issue)
 	[jessie] - libsndfile <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
 CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ee13aded4bd235949ec158716d928ec1982d0513
