[Firebird-devel] [FB-Tracker] Created: (CORE-6076) CyberSecurity scan reports CVSS v3 of 9.8 because of outdated zlib1.dll and libicu dll's

Karsten Stock (JIRA) Wed, 05 Jun 2019 23:59:01 -0700

CyberSecurity scan reports CVSS v3 of 9.8 because of outdated zlib1.dll and 
libicu dll's
----------------------------------------------------------------------------------------


                 Key: CORE-6076
                 URL: http://tracker.firebirdsql.org/browse/CORE-6076
             Project: Firebird Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 3.0.4
         Environment: Windows
            Reporter: Karsten Stock


The BinaryScanner we have to use to get internal CyberSecurity approval reports 
two critical findings in the Firebird 3.04 setup.

First is based on the usage of libicu dll's with the outdated version of 52 
(64.2 newest). A CVSS v3 rating of 9.8 is reported.
CVE-2014-9911 / CVE-2014-9654
CVE-2015-5922 / CVE-2016-0494

Second is the usage of zlib1.dll with the outdated  version 1.2.8 (1.2.11 
latest one). A CVSS v3 rating of 9.8 is reported.
CVE-2016-9843 / CVE-2016-9841

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

[Firebird-devel] [FB-Tracker] Created: (CORE-6076) CyberSecurity scan reports CVSS v3 of 9.8 because of outdated zlib1.dll and libicu dll's

Reply via email to