fixing a bunch of opencv CVEs also in unstable

Signed-off-by: Mattia Rizzolo <mattia@debian.org>
parent 0816f6c8
......@@ -50040,7 +50040,6 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...)
- libpodofo <unfixed> (low; bug #892557)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
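Review bot: The line dropped here belongs to the libpodofo entry for CVE-2018-8002 (the hunk header goes from 7 lines to 6), which is unrelated to the opencv fixes named in the commit message. Either move this change to its own commit or mention it in the message, so the libpodofo status change can be found and reverted independently.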
......@@ -58719,14 +58718,14 @@ CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
{DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #886675)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #886675)
[stretch] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
{DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #886674)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #886674)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10541
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
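Review bot: The fixed version recorded for CVE-2018-5269 and CVE-2018-5268, `3.2.0+dfsg-5ubuntu1`, carries an `ubuntu1` suffix, which is the form used by Ubuntu derivative uploads rather than Debian ones. Please confirm against the unstable changelog that this exact version string is what was uploaded to Debian; if the Debian version differs, the tracker will compare installed versions against the wrong string and report the wrong status. The same string is used in every opencv entry touched by this commit, so a correction would need to cover all of them.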
......@@ -62417,7 +62416,7 @@ CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-gi
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
{DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #886282)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #886282)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9723
NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
......@@ -63939,7 +63938,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
{DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #885843)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #885843)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10351
NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
......@@ -87154,19 +87153,19 @@ CVE-2017-12865 (Stack-based buffer overflow in &quot;dnsproxy.c&quot; in connman
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #875345)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #875345)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #875344)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #875344)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #875342)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #875342)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson &quot;EasyMP&quot; software is designed to remotely stream a users ...)
......@@ -87979,30 +87978,30 @@ CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted red
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872045)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872045)
[stretch] - opencv <ignored> (Minor issue)
[jessie] - opencv <ignored> (Minor issue)
[wheezy] - opencv <ignored> (Minor issue)
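Review bot: The entries from CVE-2017-12606 to CVE-2017-12602 are described as affecting OpenCV "through 3.3" yet are now marked fixed in a 3.2.0-based upload, so the fix must be a patch carried in the package, and the only NOTE on each entry points at the upstream issue (issues/9309), not at a fix. Adding a NOTE with the upstream commit or the name of the patch that was applied would let others verify each CVE individually, which matters here because several CVEs share bug #872044 and one patch may not cover all of them.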
......@@ -88010,12 +88009,12 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872045)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872045)
[stretch] - opencv <ignored> (Minor issue)
[jessie] - opencv <ignored> (Minor issue)
[wheezy] - opencv <ignored> (Minor issue)
......@@ -88023,19 +88022,19 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872044)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872044)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
......@@ -151280,7 +151279,8 @@ CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.
CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 ...)
NOT-FOR-US: Grandstream Wave app
CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service ...)
- opencv <unfixed> (bug #872043)
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872043)
[stretch] - opencv <ignored> (Minor issue)
[jessie] - opencv <no-dsa> (Minor issue)
[wheezy] - opencv <no-dsa> (Minor issue)
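Review bot: For CVE-2016-1517 this hunk adds a new `[experimental] - opencv 3.4.4+dfsg-1~exp1` line in addition to replacing `<unfixed>`, whereas the other opencv entries in this commit already had that line. The commit message only speaks of unstable, so please mention the added experimental annotation there, and confirm that 3.4.4+dfsg-1~exp1 does contain the fix for this CVE and the line was not just copied from the neighbouring entries.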
......@@ -151289,7 +151289,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
{DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv <unfixed> (bug #872043)
- opencv 3.2.0+dfsg-5ubuntu1 (bug #872043)
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956