Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f8c2afcb by Moritz Muehlenhoff at 2018-03-26T23:06:24+02:00 new exiv2 issues netpbm n/a - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -91,11 +91,15 @@ CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifyin CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...) NOT-FOR-US: Open-AudIT Professional CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...) - TODO: check + [experimental] - exiv2 <unfixed> + - exiv2 <not-affected> (Vulnerable code introduced after 0.25) + NOTE: https://github.com/Exiv2/exiv2/issues/247 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...) - TODO: check + - exiv2 <undetermined> + NOTE: https://github.com/Exiv2/exiv2/issues/246 CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through ...) - TODO: check + - netpbm-free <not-affected> (Vulnerable code not present) + NOTE: Debian uses an unaffected fork CVE-2018-8974 RESERVED CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8c2afcbd231620c26f29f51d0b39405afc0f910 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8c2afcbd231620c26f29f51d0b39405afc0f910 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits