Source: bibutils
Version: 6.2-1
Severity: normal
Tags: security upstream

Hi,

The following vulnerabilities were published for bibutils. This report is mainly to make aware of the issues; I'm not sure if upstream were made aware of those, as the CVE references by now just consist of pointing to reproducers.

CVE-2018-10773[0]:
| NULL pointer dereference in the addsn function in serialno.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by copac2xml.

CVE-2018-10774[1]:
| Read access violation in the isiin_keyword function in isiin.c in
| libbibutils.a in bibutils through 6.2 allows remote attackers to cause
| a denial of service (application crash), as demonstrated by isi2xml.

CVE-2018-10775[2]:
| NULL pointer dereference in the _fields_add function in fields.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by end2xml.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10773
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10773
[1] https://security-tracker.debian.org/tracker/CVE-2018-10774
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10774
[2] https://security-tracker.debian.org/tracker/CVE-2018-10775
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10775

Please adjust the affected versions in the BTS as needed.

Salvatore