diff options
author | Neil Williams <codehelp@debian.org> | 2022-02-11 10:37:59 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2022-02-11 10:37:59 +0000 |
commit | d14d17c5eb4cde9e749cac3953534d053f1591b8 (patch) | |
tree | 0534e88a82109053fda86aa3d19557c8b444e1a9 | |
parent | 930557487be4a988f746a12c515c443a7137544d (diff) |
CVE-2018-1143{2-8}/libmobi tested in sid
0.9+dfsg1-1 provides the mobitool binary that is described in the CVE
disclosure. The poc.zip provides test ebooks to prompt failures.
Each test produced either an error code or a normal operation instead
of the described crashes.
-rw-r--r-- | data/CVE/list.2018 | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index e94f8d9431..1e529a7393 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -26275,33 +26275,26 @@ CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in NOTE: Pull request: https://github.com/taglib/taglib/pull/869 NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45 CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...) - - libmobi <undetermined> + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11431 RESERVED CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...) |