UbuntuUpdates.org

Package "vcftools"

Name: vcftools

Description:

Collection of tools to work with VCF files

Latest version: 0.1.14+dfsg-2ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: https://vcftools.github.io/

Links


Download "vcftools"


Other versions of "vcftools" in Xenial

Repository Area Version
base universe 0.1.14+dfsg-2
security universe 0.1.14+dfsg-2ubuntu0.1

Changelog

Version: 0.1.14+dfsg-2ubuntu0.1 2019-05-13 20:06:29 UTC

  vcftools (0.1.14+dfsg-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe memory handling
    - debian/patches/CVE-2018-11099_11129-11130-1.patch: Added error if
      entries fail length expectations
    - debian/patches/CVE-2018-11099_11129-11130-2.patch: Additional tokenize
      checks
    - debian/patches/CVE-2018-11099_11129-11130-3.patch: Just warning, don't
      fail, if tokens don't meet expectations
    - CVE-2018-11099
    - CVE-2018-11129
    - CVE-2018-11130

 -- Mike Salvatore <email address hidden> Fri, 10 May 2019 11:46:15 -0400

CVE-2018-11099 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer
CVE-2018-11129 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or po
CVE-2018-11130 The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or



About   -   Send Feedback to @ubuntu_updates