[Git][security-tracker-team/security-tracker][master] Remove no-dsa tag for libraw in stretch
Abhijith PA (@abhijith)
abhijith at debian.org
Sat Jan 29 07:29:53 GMT 2022
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73a220f2 by Abhijith PA at 2022-01-29T12:52:59+05:30
Remove no-dsa tag for libraw in stretch
CVE-2017-14608, CVE-2017-16909, CVE-2017-16910, CVE-2018-5800
CVE-2018-5801, CVE-2018-5802, CVE-2018-5804, CVE-2018-5805,
CVE-2018-5806, CVE-2018-5807, CVE-2018-5808, CVE-2018-5810,
CVE-2018-5811, CVE-2018-5812, CVE-2018-5813, CVE-2018-5815,
CVE-2018-5817, CVE-2018-5818, CVE-2018-5819, CVE-2018-20363,
CVE-2018-20364 and CVE-2018-20365
Mark CVE-2018-5809, CVE-2018-10528, CVE-2018-10529, CVE-2018-20337,
CVE-2020-15503 CVE-2020-24889 not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95736,7 +95736,7 @@ CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference vulner
CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...)
- libraw 0.20.2-1
[buster] - libraw <no-dsa> (Minor issue)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/334
NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
CVE-2020-24888
@@ -116373,7 +116373,7 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
[experimental] - libraw 0.20.0-1
- libraw 0.20.0-4 (bug #964747)
[buster] - libraw <no-dsa> (Minor issue)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
@@ -205680,7 +205680,6 @@ CVE-2018-20366
RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
- libraw 0.19.2-2 (bug #917111)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/195
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
@@ -205688,7 +205687,6 @@ CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer ov
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
- libraw 0.19.2-2 (bug #917112)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/194
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
@@ -205696,7 +205694,6 @@ CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
- libraw 0.19.2-2 (bug #917113)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/193
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
@@ -205795,7 +205792,7 @@ CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
- libraw 0.19.2-1 (bug #917080)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
@@ -239824,14 +239821,14 @@ CVE-2018-10530
RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
- libraw 0.18.11-1 (low; bug #897186)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...)
- libraw 0.18.11-1 (low; bug #897185)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
@@ -253234,19 +253231,16 @@ CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
{DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
{DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
{DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...)
@@ -253257,7 +253251,6 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter
NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
- libraw 0.18.13-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2018/Jul/58
CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...)
@@ -253268,54 +253261,45 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
- libraw 0.18.11-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
{DLA-1734-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...)
@@ -253325,21 +253309,18 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
{DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
{DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
{DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
@@ -270507,14 +270488,12 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
@@ -277937,7 +277916,6 @@ CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
{DLA-1109-1}
- libraw 0.18.5-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
NOTE: https://github.com/LibRaw/LibRaw/issues/101
@@ -278711,7 +278689,6 @@ CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGIma
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/100
@@ -278927,7 +278904,6 @@ CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow v
NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/99
@@ -280485,7 +280461,6 @@ CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magi
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
- libraw 0.18.5-1 (low; bug #874729)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/96
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73a220f2f9cbfd8de50726d3bff8e30534a50dd1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73a220f2f9cbfd8de50726d3bff8e30534a50dd1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220129/818070fe/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list