CVE-2018-20536 CVE-2018-20537 CVE-2018-20539

Related Vulnerabilities: CVE-2018-20536   CVE-2018-20537   CVE-2018-20539  

Debian Bug report logs - #924614
Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 14 Mar 2019 21:51:01 UTC

Severity: important

Tags: security, upstream

Found in versions liblas/1.8.1-10, liblas/1.8.1-3


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#924614; Package src:liblas. (Thu, 14 Mar 2019 21:51:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Thu, 14 Mar 2019 21:51:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-20536 CVE-2018-20537 CVE-2018-20539
Date: Thu, 14 Mar 2019 22:46:31 +0100
Source: liblas
Severity: important
Tags: security

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20536

Cheers,
        Moritz



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 Mar 2019 22:51:02 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#924614; Package src:liblas. (Fri, 15 Mar 2019 05:45:05 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Fri, 15 Mar 2019 05:45:05 GMT).


Message #12 received at 924614@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 924614@bugs.debian.org
Subject: Re: Bug#924614: CVE-2018-20536 CVE-2018-20537 CVE-2018-20539
Date: Fri, 15 Mar 2019 06:43:23 +0100

With libLAS being deprecated and in maintenance mode upstream, it will
take some time to get fixes from upstream unless someone contributes them.

Once the fixes are available they'll be added to the Debian package.

During the bullseye development cycle liblas is likely to be removed
from Debian, once grass & pktools stop using it.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Marked as found in versions liblas/1.8.1-10. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Mar 2019 06:39:03 GMT).


Marked as found in versions liblas/1.8.1-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Mar 2019 06:39:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#924614; Package src:liblas. (Wed, 20 Mar 2019 18:21:09 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 20 Mar 2019 18:21:09 GMT).


Message #21 received at 924614@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Cc: 924614@bugs.debian.org
Subject: Re: Bug#924614: CVE-2018-20536 CVE-2018-20537 CVE-2018-20539
Date: Wed, 20 Mar 2019 19:17:28 +0100

On Fri, Mar 15, 2019 at 06:43:23AM +0100, Sebastiaan Couwenberg wrote:
> With libLAS being deprecated and in maintenance mode upstream, it will
> take some time to get fixes from upstream unless someone contributes them.
> 
> Once the fixes are available they'll be added to the Debian package.

Ack, they're all fairly harmless anyway. I've marked them as <no-dsa>
for buster; if at some point patches emerge, we can fix them post
release still.

Cheers,
        Moritz




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:55:50 2019; Machine Name: beach
