[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2018-580{0, 1, 2}/libraw

Thu, 08 Mar 2018 23:26:38 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f5cc762 by Salvatore Bonaccorso at 2018-03-09T08:24:42+01:00
Reference upstream commit for CVE-2018-580{0,1,2}/libraw

Note tha the upstream commit message is wrong saying "0.18.17" which 
is
though defitively tagged as 0.18.7 and is after 0.18.6 release, the
changelog is as well refering to 0.18.7 thus deducing that the upstream
version 0.18.7 is correct to use.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6075,14 +6075,17 @@ CVE-2018-5802 [Out-of-bounds read in 
kodak_radc_load_raw function internal/dcraw
        RESERVED
        - libraw 0.18.7-1
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+       NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function 
src/libraw_cxx.cpp]
        RESERVED
        - libraw 0.18.7-1
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+       NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw 
function in internal/dcraw_common.cpp]
        RESERVED
        - libraw 0.18.7-1
        NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
+       NOTE: 
https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
 CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 
and earlier, ...)
        - electron <itp> (bug #842420)
        NOTE: Linux is not affected



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to