Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35291998 by Moritz Muehlenhoff at 2019-02-02T03:30:23Z
mp4v removed
bugs for telegram and yum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23525,7 +23525,7 @@ CVE-2018-17615 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2018-17614 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
        NOT-FOR-US: Losant Arduino MQTT Client
 CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use 
proxy" is ...)
-       - telegram-desktop <unfixed>
+       - telegram-desktop <unfixed> (bug #921133)
        NOTE: 
https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
 CVE-2018-17612 (Sennheiser HeadSetup 7.3.4903 places Certification Authority 
(CA) ...)
        NOT-FOR-US: Sennheiser
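
Review bot: The telegram-desktop entry for CVE-2018-17613 now carries bug #921133 but, unlike the mp4v2 and yum-utils entries in this patch, it has no `[stretch]` or `[jessie]` line. If telegram-desktop is present in a released suite, add the per-release state in the same change so the entry is fully triaged; if it is not, nothing more is needed here.
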
@@ -24426,12 +24426,12 @@ CVE-2018-17237 (A SIGFPE signal is raised in the 
function H5D__chunk_set_info_re
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
 CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 
internally ...)
-       - mp4v2 <unfixed> (bug #909277)
+       - mp4v2 <removed> (bug #909277)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453
 CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in 
mp4track.cpp in ...)
-       - mp4v2 <unfixed> (bug #909278)
+       - mp4v2 <removed> (bug #909278)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
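
Review bot: For CVE-2018-17236 and CVE-2018-17235 the jessie line reads `[jessie] - mp4v2 <ignored> (Minor issue)`, while the other 2018 mp4v2 entries touched by this patch use `[jessie] - mp4v2 <no-dsa> (Minor issue)`. Since all of them are being updated together, please confirm the difference is intended or align the jessie state across the mp4v2 entries.
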
@@ -31727,7 +31727,7 @@ CVE-2018-14447 (trim_whitespace in lexer.l in 
libConfuse v3.2.1 has an out-of-bo
        [stretch] - confuse 3.0+dfsg-2+deb9u1
        NOTE: https://github.com/martinh/libconfuse/issues/109
 CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 
allows ...)
-       - mp4v2 <unfixed> (bug #904896)
+       - mp4v2 <removed> (bug #904896)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: https://github.com/TechSmith/mp4v2/issues/20
@@ -31855,7 +31855,7 @@ CVE-2018-14404 (A NULL pointer dereference 
vulnerability exists in the ...)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles 
substrings ...)
-       - mp4v2 <unfixed> (bug #904897)
+       - mp4v2 <removed> (bug #904897)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
@@ -31927,7 +31927,7 @@ CVE-2018-14381 (Pagekit before 1.0.14 has a 
/user/login?redirect= open redirect
 CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead 
components, ...)
        - graylog2 <itp> (bug #652273)
 CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly 
uses the ...)
-       - mp4v2 <unfixed> (bug #904898)
+       - mp4v2 <removed> (bug #904898)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
@@ -32341,12 +32341,12 @@ CVE-2018-14242 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2018-14241 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
        NOT-FOR-US: Foxit Reader
 CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant 
memory ...)
-       - mp4v2 <unfixed> (bug #904900)
+       - mp4v2 <removed> (bug #904900)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant 
memory ...)
-       - mp4v2 <unfixed> (bug #904901)
+       - mp4v2 <removed> (bug #904901)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
@@ -32838,7 +32838,7 @@ CVE-2018-1000207 (MODX Revolution version &lt;=2.6.4 
contains a Incorrect Access
 CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite 
Request ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2018-14054 (A double free exists in the MP4StringProperty class in 
mp4property.cpp ...)
-       - mp4v2 <unfixed> (bug #903859)
+       - mp4v2 <removed> (bug #903859)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
@@ -41178,7 +41178,7 @@ CVE-2018-10899
 CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates 
before ...)
        - tripleo-heat-templates <removed>
 CVE-2018-10897 (A directory traversal issue was found in reposync, a part of 
...)
-       - yum-utils <unfixed>
+       - yum-utils <unfixed> (bug #921131)
        [stretch] - yum-utils <ignored> (Minor issue)
        [jessie] - yum-utils <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
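
Review bot: The commit message says "bugs for telegram and yum", but the line changed here belongs to yum-utils (the entry is about reposync), and the earlier one to telegram-desktop. Naming the source packages exactly as they appear in the list, `yum-utils` and `telegram-desktop`, keeps the history searchable by package name.
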
@@ -50635,7 +50635,7 @@ CVE-2018-7341
 CVE-2018-7340
        RESERVED
 CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 
mishandles ...)
-       - mp4v2 <unfixed> (low; bug #893544)
+       - mp4v2 <removed> (low; bug #893544)
        [stretch] - mp4v2 <no-dsa> (Minor issue)
        [jessie] - mp4v2 <no-dsa> (Minor issue)
        [wheezy] - mp4v2 <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3529199877523c306efbec54e461fd99a2987ac6
