Re: upload leptonlib
- To: Ben Hutchings <ben@decadent.org.uk>
- Cc: Antoine Beaupré <anarcat@orangeseeds.org>, Roberto C. Sánchez <roberto@debian.org>, Abhijith PA <abhijith@disroot.org>, Debian LTS <debian-lts@lists.debian.org>, leptonlib@packages.debian.org
- Subject: Re: upload leptonlib
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 23 Feb 2018 21:58:42 +0100
- Message-id: <[🔎] 20180223205842.GA26636@eldamar.local>
- Mail-followup-to: Ben Hutchings <ben@decadent.org.uk>, Antoine Beaupré <anarcat@orangeseeds.org>, Roberto C. Sánchez <roberto@debian.org>, Abhijith PA <abhijith@disroot.org>, Debian LTS <debian-lts@lists.debian.org>, leptonlib@packages.debian.org
- In-reply-to: <[🔎] 1519317496.2617.248.camel@decadent.org.uk>
- References: <[🔎] bc8204ac-f111-d069-5095-29dfb1becd63@disroot.org> <[🔎] 20180215032335.xqgqbvkpr65ftj7b@camaguey.connexer.com> <[🔎] 1518730488.2617.129.camel@decadent.org.uk> <[🔎] 87mv08iv61.fsf@curie.anarc.at> <[🔎] 1518902899.2617.156.camel@decadent.org.uk> <[🔎] 20180222062619.uasr4ryjd3ndvqqe@lorien.valinor.li> <[🔎] 1519317496.2617.248.camel@decadent.org.uk>
Hi Ben,
MITRE did assign the following:
On Thu, Feb 22, 2018 at 05:38:16PM +0100, Ben Hutchings wrote:
> > > 1. #890548
> >
> > This one has CVE-2018-7186.
> >
> > > 2. Incomplete fix for #889759 / CVE-2018-3836
CVE-2018-7440
> > > 3. Similar issue to #889759 / CVE-2018-3836, "/" is not filtered so
> > > there is a possibility of path traversal and arbitrary file overwrite
CVE-2018-7442
> > > 4. #885704
CVE-2017-18196
> > > 5. The remaining hardcoded paths in /tmp
CVE-2018-7441
Regards,
Salvatore
Attachment:
signature.asc
Description: PGP signature
Reply to: