author | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 14:32:05 +0100
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 14:34:10 +0100
commit | cfbe36fb515381a8b2c961d131d8052826185c6f
tree | 79e074e7c18725efd355826c69e9dd10324bf9c7 /data/CVE
parent | f99b5a5f48ffad7bdc74e071b78eedb5cb738fd9
libsass triage
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2017.list | 23
-rw-r--r-- | data/CVE/2018.list | 12
2 files changed, 14 insertions, 21 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index f976aaf924..de73047cc4 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -16940,16 +16940,11 @@ CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in l CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...) NOT-FOR-US: Apache2Triad CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397 + NOTE: Bogus report against historic libsass version CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335 - NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed - NOTE: with the upstream patch for CVE-2017-11555. + NOTE: Bogus report against historic libsass version CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331 + NOTE: Bogus report against historic libsass version CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...) - pspp 1.0.1-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436 @@ -20906,8 +20901,7 @@ CVE-2017-11607 CVE-2017-11606 RESERVED CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...) - - libsass <undetermined> (bug #870184) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019 + NOTE: Bogus report against historic libsass version CVE-2017-11604 RESERVED CVE-2017-11603 
@@ -21711,11 +21705,9 @@ CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHIC [wheezy] - chicken <no-dsa> (Minor issue) NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722 + NOTE: Bogus report against historic libsass version CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714 + NOTE: Bogus report against historic libsass version CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...) - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) NOTE: https://github.com/Exiv2/exiv2/issues/53 @@ -23672,8 +23664,7 @@ CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDir NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...) - - libsass <undetermined> (low; bug #866672) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411 + NOTE: Bogus report against historic libsass version CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...) {DLA-1041-1} - nasm 2.13.02-0.1 (bug #867988) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index c2667d8b32..f43b2880f6 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -1036,7 +1036,7 @@ CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (unc NOTE: Possibly introduced after https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57 (3.4.7) NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/sass/libsass/issues/2658 @@ -4332,10 +4332,11 @@ CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexp CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...) NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM) CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2779 + NOTE: https://github.com/sass/libsass/commit/e94b5f91ec372a84be1f9c0da32cb6e0af0b99fe CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPre ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple substit ...) 
@@ -25415,12 +25416,13 @@ CVE-2018-11700 CVE-2018-11699 RESERVED CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2662 + NOTE: https://github.com/sass/libsass/commit/8f40dc03e5ab5a8b2ebeb72b31f8d1adbb2fd6ae CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2656 @@ -25437,7 +25439,7 @@ CVE-2018-11695 (An issue was discovered in LibSass <3.5.3. A NULL pointer der NOTE: https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf (master) NOTE: https://github.com/sass/libsass/commit/e3512120403dc7863a38bf2f122e7523593718ad (3.5.3) CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2663 |
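Review bot: In data/CVE/2017.list, every changed libsass entry (CVE-2017-12964, CVE-2017-12963, CVE-2017-12962, CVE-2017-11605, CVE-2017-11342, CVE-2017-11341, CVE-2017-10687) loses its "- libsass <undetermined>" package line and is left with a NOTE only, so the entry no longer names the package or the Debian bug it was filed under (#873034, #870184, #868577, #866672). Consider keeping a package line in the not-affected form that the CVE-2017-11340 exiv2 entry in the same file uses, with the reason in parentheses, or at least carrying the bug number over into a NOTE.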
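Review bot: For CVE-2017-12963 in the @@ -16940 hunk of data/CVE/2017.list, the removed NOTE lines said the issue is similar to CVE-2017-11555 and remains unfixed with the upstream patch for that CVE, and the replacement "NOTE: Bogus report against historic libsass version" does not say what changed that assessment. Add a line stating which libsass version the report was made against and why it is considered bogus, and keep the Red Hat Bugzilla link so the original report stays reachable from the entry.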
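Review bot: In data/CVE/2018.list, CVE-2018-20821, CVE-2018-11697 and CVE-2018-11694 move from "<unfixed>" to "3.6.3-1" without a reference for the fix, while CVE-2018-19797 and CVE-2018-11698 gain a NOTE with the upstream commit. Within the lines shown, those three entries carry only the upstream issue link; add the fixing commit, or a "Fixed in" NOTE like the one on CVE-2018-20822, so the 3.6.3-1 version can be checked against upstream.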