Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0ca2d576 by Moritz Muehlenhoff at 2018-03-08T21:38:37+01:00 exempi, libcdio, python-crypto, mp4v2 no-dsa - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -71,21 +71,28 @@ CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php h CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ...) NOT-FOR-US: YxtCMF CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...) - - exempi <unfixed> + - exempi <unfixed> (low) + [stretch] - exempi <no-dsa> (Minor issue) [jessie] - exempi <not-affected> (Vulnerable code introduced later) [wheezy] - exempi <not-affected> (Vulnerable code introduced later) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666 CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...) - - exempi <unfixed> + - exempi <unfixed> (low) + [stretch] - exempi <no-dsa> (Minor issue) + [jessie] - exempi <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-based ...) - - exempi <unfixed> + - exempi <unfixed> (low) + [stretch] - exempi <no-dsa> (Minor issue) + [jessie] - exempi <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...) - - exempi <unfixed> + - exempi <unfixed> (low) + [stretch] - exempi <no-dsa> (Minor issue) + [jessie] - exempi <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205 NOTE: https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak ...) @@ -991,10 +998,14 @@ CVE-2018-7445 CVE-2018-7444 RESERVED CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...) - - libcdio 1.0.0-1 + - libcdio 1.0.0-1 (low) + [stretch] - libcdio <no-dsa> (Minor issue) + [jessie] - libcdio <no-dsa> (Minor issue) NOTE: https://savannah.gnu.org/bugs/?52264 CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows ...) - - libcdio 1.0.0-1 + - libcdio 1.0.0-1 (low) + [stretch] - libcdio <no-dsa> (Minor issue) + [jessie] - libcdio <no-dsa> (Minor issue) NOTE: https://savannah.gnu.org/bugs/?52265 CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...) {DLA-1299-1} @@ -1252,7 +1263,9 @@ CVE-2018-7341 CVE-2018-7340 RESERVED CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...) - - mp4v2 <unfixed> + - mp4v2 <unfixed> (low) + [stretch] - mp4v2 <no-dsa> (Minor issue) + [jessie] - mp4v2 <no-dsa> (Minor issue) NOTE: https://github.com/pingsuewim/libmp4_bof CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) NOT-FOR-US: HamayeshNegar CMS @@ -1523,6 +1536,8 @@ CVE-2018-1000086 CVE-2018-1000085 [Out-of-bounds heap read in XAR parser] RESERVED - clamav 0.99.3~beta1+dfsg-1 + [stretch] - clamav <no-dsa> (clamav is updated via -updates) + [jessie] - clamav <no-dsa> (clamav is updated via -updates) NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6 NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4 CVE-2018-1000084 @@ -3468,6 +3483,8 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat {DLA-1283-1} - pycryptodome 3.4.11-1 (bug #889998) - python-crypto <unfixed> (bug #889999) + [stretch] - python-crypto <no-dsa> (Minor issue) + [jessie] - python-crypto <no-dsa> (Minor issue) NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253 NOTE: The issue is found as well in pycryptodome (fork from python-crypto) NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ca2d576c37ef6b5f56ec136fea4a3cde1e78852 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0ca2d576c37ef6b5f56ec136fea4a3cde1e78852 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits