Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67fef5b6 by Salvatore Bonaccorso at 2018-04-18T07:54:26+02:00
Reference relevant pocs for gegl directly

CVE-2018-10111 is for the one in render_rectangle function, so this is
2-gegl-dos-1 (I think SuSE bugzilla has them swapped, double check),
whereas CVE-2018-10113 is the one in the process function, so
3-gegl-dos-2. CVE-2018-10112 is for the issue
in gegl_tile_backend_swap_constructed and thus can be verified with
4-gegl-outbound-write-2. gegl-dos-3 has no CVE, and it's unclear if the
issue is in gegl or possibly in the underlying used library.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -166,16 +166,16 @@ CVE-2018-10113 (An issue was discovered in GEGL through 
0.3.32. The process func
        - gegl <unfixed> (low)
        [stretch] - gegl <no-dsa> (Minor issue)
        [jessie] - gegl <no-dsa> (Minor issue)
-       NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl
+       NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#3-gegl-dos-2
 CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The ...)
        - gegl <unfixed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
-       NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl
+       NOTE: 
https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
 CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The 
render_rectangle ...)
        - gegl <unfixed> (low)
        [stretch] - gegl <no-dsa> (Minor issue)
        [jessie] - gegl <no-dsa> (Minor issue)
-       NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl
+       NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#2-gegl-dos-1
 CVE-2018-10110
        RESERVED
 CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an 
attacker has ...)
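
Review bot: The new NOTE line for CVE-2018-10112 drops the "POC" label that the removed line had and that the updated CVE-2018-10113 and CVE-2018-10111 entries keep, so anyone grepping the list for "NOTE: POC" will miss this reference; suggest "NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2" to match. Separately, all three links now rely on README fragment anchors under tree/master, which stop resolving if the upstream headings are renamed or renumbered, and the commit message itself flags the 10111/10113 mapping as needing a double check, so it may be worth stating the affected function next to each anchor (render_rectangle for 2-gegl-dos-1, process for 3-gegl-dos-2) so the mapping can be verified from the list entry alone.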



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/67fef5b610e63e0ca2773429571a99053c4468d5
