author | Hugo Lefeuvre <hle@debian.org> | 2018-11-19 17:52:40 +0100 |
---|---|---|
committer | Hugo Lefeuvre <hle@debian.org> | 2018-11-19 17:52:40 +0100 |
commit | 37127a302c05120b8e33f357835419f2263a7456 (patch) | |
tree | 5408ac3d1bacf9a4b081ffe07a9ea48ff888e6a8 | |
parent | 0b0092567b5aaa950204a09c0c0740a899487bbe (diff) |
data/CVE: update openjpeg2 cve notes
Reference my patches for CVE-2017-17480 and CVE-2018-18088.
CVE-2018-5785 is actually not affecting Jessie, support for this BMP
version was added later.
-rw-r--r-- | data/CVE/list | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 95c5a1143b..318e1f07fa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3436,6 +3436,7 @@ CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" - openjpeg2 <unfixed> (low; bug #910763) [stretch] - openjpeg2 <ignored> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1152 + NOTE: https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2 CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...) NOT-FOR-US: Bixie Portfolio plugin for Pagekit CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the ...) @@ -36539,8 +36540,11 @@ CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop an NOTE: https://github.com/ckolivas/lrzip/issues/91 CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...) - openjpeg2 <unfixed> (low; bug #888533) + [jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/uclouvain/openjpeg/issues/1057 NOTE: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975 + NOTE: vulnerable code introduced in + NOTE: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...) {DLA-1411-1 DLA-1391-1} - tiff 4.0.9-4 (bug #890441) @@ -49040,6 +49044,7 @@ CVE-2017-17481 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) - openjpeg2 <unfixed> (bug #884738) NOTE: https://github.com/uclouvain/openjpeg/issues/1044 + NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62 CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) - openjpeg2 <unfixed> (unimportant) NOTE: https://github.com/uclouvain/openjpeg/issues/1044 |
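Review bot: in the CVE-2018-18088 hunk, the added NOTE is a bare commit URL with nothing to say that it is the fix. After this patch the CVE-2018-5785 entry carries both a fixing commit and an introducing commit in the same form, so the role of each URL matters. Consider labelling it, for example "NOTE: Fixed by: <commit URL>". The entry itself stays <unfixed> with [stretch] <ignored>, which is consistent with a reference-only change.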
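Review bot: in the CVE-2018-5785 hunk, the last two added lines split one statement across two NOTE lines ("NOTE: vulnerable code introduced in" followed by a NOTE holding only the URL). A line-based search then finds an unlabelled commit URL right under the existing fixing-commit NOTE. Put the text and the URL on a single NOTE line. The [jessie] reason "(Vulnerable code introduced later)" could also say what the commit message says, that support for this BMP version was added later, so the basis for <not-affected> is visible in the entry itself.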
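Review bot: in the CVE-2017-17480 hunk, the commit NOTE is added only under CVE-2017-17480, while the CVE-2017-17479 entry directly below references the same upstream issue #1044 and gets no commit reference. If the commit addresses both, add the NOTE there as well. If it does not, a short NOTE saying so would keep the two entries from being read as covered by the same change.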