Vulnerability Roundup 36 (master) #34787

Closed
8 of 9 tasks
ckauhaus opened this issue Feb 9, 2018 · 7 comments
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one

@ckauhaus
Contributor

ckauhaus commented Feb 9, 2018

Scanned nixos/release-combined.nix @ e860b65. Filtered out previously reported CVEs. May contain false positives.

libtasn1-4.12 (search, files)

libtiff-4.0.9 (search, files)

mupdf-1.12.0 (search, files)

qemu-2.11.0 (search, files)

Cc: @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001, @peterhoeg, @nh2, @LnL7, @grahamc, @adisbladis, @fpletz

Contact @ckauhaus for any questions.

@ckauhaus
Contributor Author

ckauhaus commented Feb 9, 2018

Associated vulnerability roundup for release-17.09 is #34786

@7c6f434c
Member

7c6f434c commented Feb 9, 2018

CVE-2018-6871 ?

https://nvd.nist.gov/vuln/detail/CVE-2018-6871

LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function

vcunat added a commit that referenced this issue Feb 10, 2018
fpletz added the "1.severity: security" label Mar 13, 2018
fpletz added this to the 18.03 milestone Mar 13, 2018
@ckauhaus
Contributor Author

libtiff 4.0.10 is available on http://www.simplesystems.org/libtiff/ and should be updated

@Ekleog
Member

Ekleog commented Nov 28, 2018

libtiff update is now merged: #51105 (comment)

@ckauhaus
Contributor Author

ckauhaus commented Dec 8, 2018

It's unlikely that we fix qemu-2.11, so I'll close this ticket for now.

ckauhaus closed this as completed Dec 8, 2018
@vcunat
Member

vcunat commented Dec 9, 2018

AFAIK we now only have qemu-3.0.0 on both master and 18.09.

6 participants