Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (2)
Triage CVE for libgig. Mark as no-dsa for Jessie.
· b8a54735
Markus Koschany
authored
Nov 10, 2019
Minor security risk. See #931309 for more information.
b8a54735
Remove libgig from dla-needed.txt
· 8589d5e5
Markus Koschany
authored
Nov 10, 2019
8589d5e5
Hide whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
8589d5e5
...
...
@@ -60594,21 +60594,27 @@ CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index
NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...)
NOT-FOR-US: FineCms
...
...
@@ -70348,36 +70354,47 @@ CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...)
- libgig <unfixed> (bug #931309)
[jessie] - libgig <no-dsa> (Minor issue)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...)
- untrunc <itp> (bug #702476)
data/dla-needed.txt
View file @
8589d5e5
...
...
@@ -53,10 +53,6 @@ libav (Sylvain Beucler)
NOTE: 20190831: might fix the issue. Furthermore, most libav bugs have PoCs,
NOTE: 20190831: so there is something one can test with and see if the fix worked.
--
libgig (Markus Koschany)
NOTE: 20191103: Contacted upstream for undetermined CVE. They have not been
NOTE: fixed yet. I am currently investigating how serious they are.
--
libmatio (Adrian Bunk)
NOTE: fairly high number of open issues. Not sure why we never had a look at them.
NOTE: triage work needed, help security team for fixes if needed.
...
...
