Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 35291998 by Moritz Muehlenhoff at 2019-02-02T03:30:23Z mp4v removed bugs for telegram and yum - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23525,7 +23525,7 @@ CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Losant Arduino MQTT Client CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...) - - telegram-desktop <unfixed> + - telegram-desktop <unfixed> (bug #921133) NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html CVE-2018-17612 (Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) ...) NOT-FOR-US: Sennheiser @@ -24426,12 +24426,12 @@ CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_re - hdf5 <undetermined> NOTE: https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...) - - mp4v2 <unfixed> (bug #909277) + - mp4v2 <removed> (bug #909277) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453 CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in ...) - - mp4v2 <unfixed> (bug #909278) + - mp4v2 <removed> (bug #909278) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451 
@@ -31727,7 +31727,7 @@ CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bo [stretch] - confuse 3.0+dfsg-2+deb9u1 NOTE: https://github.com/martinh/libconfuse/issues/109 CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows ...) - - mp4v2 <unfixed> (bug #904896) + - mp4v2 <removed> (bug #904896) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: https://github.com/TechSmith/mp4v2/issues/20 @@ -31855,7 +31855,7 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10 NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...) - - mp4v2 <unfixed> (bug #904897) + - mp4v2 <removed> (bug #904897) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3 @@ -31927,7 +31927,7 @@ CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, ...) - graylog2 <itp> (bug #652273) CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...) - - mp4v2 <unfixed> (bug #904898) + - mp4v2 <removed> (bug #904898) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1 
@@ -32341,12 +32341,12 @@ CVE-2018-14242 (This vulnerability allows remote attackers to execute arbitrary CVE-2018-14241 (This vulnerability allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Foxit Reader CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory ...) - - mp4v2 <unfixed> (bug #904900) + - mp4v2 <removed> (bug #904900) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1 CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory ...) - - mp4v2 <unfixed> (bug #904901) + - mp4v2 <removed> (bug #904901) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1 @@ -32838,7 +32838,7 @@ CVE-2018-1000207 (MODX Revolution version <=2.6.4 contains a Incorrect Access CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Request ...) NOT-FOR-US: JFrog Artifactory CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...) - - mp4v2 <unfixed> (bug #903859) + - mp4v2 <removed> (bug #903859) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1 @@ -41178,7 +41178,7 @@ CVE-2018-10899 CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before ...) - tripleo-heat-templates <removed> CVE-2018-10897 (A directory traversal issue was found in reposync, a part of ...) - - yum-utils <unfixed> + - yum-utils <unfixed> (bug #921131) [stretch] - yum-utils <ignored> (Minor issue) [jessie] - yum-utils <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221 
@@ -50635,7 +50635,7 @@ CVE-2018-7341 CVE-2018-7340 RESERVED CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...) - - mp4v2 <unfixed> (low; bug #893544) + - mp4v2 <removed> (low; bug #893544) [stretch] - mp4v2 <no-dsa> (Minor issue) [jessie] - mp4v2 <no-dsa> (Minor issue) [wheezy] - mp4v2 <ignored> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3529199877523c306efbec54e461fd99a2987ac6
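Review bot: in the hunk at @@ -23525, the CVE-2018-17613 entry gains `(bug #921133)` but still consists of only the unstable line and a NOTE, with no release-specific line like the `[stretch]` and `[jessie]` lines that the mp4v2 and yum-utils entries in this patch carry. If telegram-desktop is present in a supported release, add a triage line for it (for example `<no-dsa>` or `<not-affected>` with a reason) so the stable status is an explicit decision rather than inherited from the unstable line.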
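Review bot: the mp4v2 hunks (@@ -24426 through @@ -50635) switch only CVE-2018-* entries from `<unfixed>` to `<removed>`; before merging, grep data/CVE/list for any remaining `- mp4v2 <unfixed>` lines in other years so the package is not left half-converted. The `[jessie]` lines also differ between entries: CVE-2018-17236 and CVE-2018-17235 use `<ignored>` while the other mp4v2 entries use `<no-dsa>`, so if that difference is not intentional, align them in the same commit.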