FS#57961 - [ming] Multiple CVEs
Attached to Project:
Community Packages
Opened by Karol Babioch (kbabioch) - Monday, 26 March 2018, 07:11 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 15:33 GMT
Details
There are many CVEs filed against this package. We are
currently at 0.4.7, which is vulnerable in many ways:

Fixed in development branch (0.4.9-dev):
- CVE-2017-11704
- CVE-2017-11728
- CVE-2017-11729
- CVE-2017-11730
- CVE-2017-11731
- CVE-2017-11734
- CVE-2017-11733
- CVE-2017-9988
- CVE-2017-9989
- CVE-2017-16883
- CVE-2017-11732
- CVE-2017-16898
- CVE-2018-5251
- CVE-2018-5294
- CVE-2018-6315
- CVE-2018-6359
- CVE-2018-7875
- CVE-2018-7871
- CVE-2018-7868
- CVE-2018-7870
- CVE-2018-7872

Fixed in 0.4.8:
- CVE-2017-7578

Unclear (not mentioned in NEWS):
- CVE-2016-9264
- CVE-2016-9265
- CVE-2016-9266
- CVE-2016-9827
- CVE-2016-9828
- CVE-2016-9829
- CVE-2016-9831
- CVE-2017-11703
- CVE-2017-11705
- CVE-2017-16883
- CVE-2017-8782
- CVE-2018-6358
- CVE-2018-7866
- CVE-2018-7867
- CVE-2018-7869
- CVE-2018-7873
- CVE-2018-7874
- CVE-2018-7876
- CVE-2018-7877
- CVE-2018-8806
- CVE-2018-8807
- CVE-2018-8961
- CVE-2018-8962
- CVE-2018-8963
- CVE-2018-8964
- CVE-2018-9009

References:
- https://github.com/libming/libming/blob/master/NEWS
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ming
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libming

Closed by freswa (frederik)
Thursday, 10 September 2020, 15:33 GMT
Reason for closing: Fixed
Additional comments about closing: ming r3160.50098023-1
This seems like a reasonable justification to package the snapshot IMHO -- how stable is it?
CVE-2019-9114 https://github.com/libming/libming/issues/170
CVE-2019-9113 https://github.com/libming/libming/issues/171
CVE-2019-7582 https://github.com/libming/libming/issues/172
CVE-2019-7581 https://github.com/libming/libming/issues/173
Another ten plus overflows and null pointer dereferences without CVE assignment and no python3 support.