Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
701920f1 by Moritz Mühlenhoff at 2021-04-20T20:43:10+02:00
mark old hdf issues as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169898,9 +169898,10 @@ CVE-2018-17441 (An issue was discovered on D-Link 
Central WiFi Manager before v
 CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before 
v 1.03r0 ...)
        NOT-FOR-US: D-Link
 CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There 
is a sta ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
+       NOTE: Negligible security impact
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of 
H5Dselec ...)
        - hdf5 1.10.6+repack-1 (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
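
Review bot: The new "- hdf5 <unfixed> (unimportant)" line for CVE-2018-17439 asserts that the package is affected, where "<undetermined>" made no claim either way. The description names HDF5 1.10.3 and the neighbouring CVE-2018-17438 is recorded as fixed in 1.10.6+repack-1, so it is worth confirming against the current source that this one is still present. Suggest also extending "NOTE: Negligible security impact" with the reason for the assessment so a later reader can re-check it.
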
@@ -169917,12 +169918,14 @@ CVE-2018-17437 (Memory leak in the 
H5O_dtype_decode_helper() function in H5Odtyp
        NOTE: fixed in 1.10.5, release notes: 
https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
        NOTE: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 
library allo ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
+       NOTE: Negligible security impact
 CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in 
H5Oattr.c in the ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
+       NOTE: Negligible security impact
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of 
h5repack_ ...)
        - hdf5 1.10.6+repack-2 (low)
        [buster] - hdf5 <no-dsa> (Minor issue)
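
Review bot: For CVE-2018-17436 the only reference is titled "invalid-write-memory-access-in-decompressc", and unlike CVE-2018-17435 no upstream HDFFV ticket is listed, yet both entries get the identical "NOTE: Negligible security impact". An invalid write deserves more justification than an over-read; suggest stating in the NOTE why it is negligible here and adding the upstream ticket if one exists.
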
@@ -169933,9 +169936,10 @@ CVE-2018-17434 (A SIGFPE signal is raised in the 
function apply_filters() of h5r
        NOTE: fixed in 1.10.5, release notes: 
https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
        NOTE: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in 
gifread.c in the ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
+       NOTE: Negligible security impact
 CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in 
H5Osdspace.c in  ...)
        - hdf5 <unfixed> (unimportant)
        [buster] - hdf5 <no-dsa> (Minor issue)
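
Review bot: CVE-2018-17433 now carries only "- hdf5 <unfixed> (unimportant)", while CVE-2018-17432 directly below combines the same line with "[buster] - hdf5 <no-dsa> (Minor issue)". The two adjacent entries end up disagreeing on whether a per-release triage line is wanted for this package; suggest aligning them, either by dropping the [buster] line there or by explaining why it stays.
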
@@ -172625,8 +172629,9 @@ CVE-2018-16440
 CVE-2018-16439
        RESERVED
 CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an ou ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
+       NOTE: Negligible security impact
 CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal 
exploitable ...)
        NOT-FOR-US: Gxlcms
 CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection 
exploitable by an ...)
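
Review bot: The context NOTE for CVE-2018-16438, "H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read", is a bare fragment rather than a URL, so after this change the entry is classified unimportant with no followable reference. Suggest replacing it with the full link to the report while touching the entry, so the "Negligible security impact" assessment can be verified.
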
@@ -174612,9 +174617,10 @@ CVE-2018-15673
 CVE-2018-15672
        REJECTED
 CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. 
Excessive stac ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
+       NOTE: Negligible security impact
 CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. 
Its primar ...)
        NOT-FOR-US: Bloop Airmail
 CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. 
Its primar ...)
@@ -177862,8 +177868,9 @@ CVE-2018-14461 (The LDP parser in tcpdump before 
4.9.3 has a buffer over-read in
        - tcpdump 4.9.3-1 (bug #941698)
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
 CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a hea ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
+       NOTE: Negligible security impact
 CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an 
out-of-bounds wri ...)
        - libgig <unfixed> (unimportant; bug #931309)
        NOTE: 
https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
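
Review bot: The CVE-2018-14460 entry is set to "<unfixed> (unimportant)" without a Debian bug reference, whereas the libgig entry just below uses "(unimportant; bug #931309)". Since the issue is recorded as still unfixed, suggest linking a bug for hdf5 in the same form if one exists, so the open status is tracked somewhere the maintainer will see it.
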
@@ -179039,19 +179046,23 @@ CVE-2018-14036 (Directory Traversal with ../ 
sequences occurs in AccountsService
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
        NOTE: 
https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
 CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a hea ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+       NOTE: Negligible security impact
 CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is an ou ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+       NOTE: Negligible security impact
 CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a hea ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+       NOTE: Negligible security impact
 CVE-2018-14032
        REJECTED
 CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a hea ...)
-       - hdf5 <undetermined>
+       - hdf5 <unfixed> (unimportant)
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+       NOTE: Negligible security impact
 CVE-2018-14030
        RESERVED
 CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 
0.6.2 allo ...)
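
Review bot: CVE-2018-14035, -14034, -14033 and -14031 all cite the same README2.md and all receive the identical "NOTE: Negligible security impact", although their descriptions differ ("There is a hea ..." versus "There is an ou ..."). With one shared reference and one shared note, nothing in the entries shows that each issue was assessed separately. Suggest adding the affected function or the reason per entry, or a single NOTE saying that the assessment covers every issue in that report.
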



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/701920f1075a4644989fb3f240920f01152a877a


