Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6f5cc762 by Salvatore Bonaccorso at 2018-03-09T08:24:42+01:00 Reference upstream commit for CVE-2018-580{0,1,2}/libraw Note tha the upstream commit message is wrong saying "0.18.17" which is though defitively tagged as 0.18.7 and is after 0.18.6 release, the changelog is as well refering to 0.18.7 thus deducing that the upstream version 0.18.7 is correct to use. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -6075,14 +6075,17 @@ CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw RESERVED - libraw 0.18.7-1 NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt + NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp] RESERVED - libraw 0.18.7-1 NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt + NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp] RESERVED - libraw 0.18.7-1 NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt + NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...) - electron <itp> (bug #842420) NOTE: Linux is not affected View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5cc76218c6c29dc90fe5321b282f1a7241e921 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits