[Git][security-tracker-team/security-tracker][master] data/CVE/list: Update CVE-2018-20592 and CVE-2018-20593. Upstream simply...

Wed, 16 Jan 2019 07:39:12 -0800 

Mike Gabriel pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b50b3530 by Mike Gabriel at 2019-01-16T15:37:53Z
data/CVE/list: Update CVE-2018-20592 and CVE-2018-20593. Upstream simply 
removed mxmldoc from their upstream code tree.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6604,13 +6604,16 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is 
stack-based buffer overfl
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err
 (error output)
        NOTE: https://github.com/michaelrsweet/mxml/issues/237
+       NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code 
completely
 CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the 
mxmlAdd ...)
        - mxml <unfixed>
+        [jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err
 (error output)
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt
        NOTE: 
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err
 (error output)
        NOTE: https://github.com/michaelrsweet/mxml/issues/237
+       NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code 
completely
 CVE-2018-20591 (A heap-based buffer over-read was discovered in decompileJUMP 
function ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/168



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50b3530f6acc2cd42e86002d7fadb837ce73407

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50b3530f6acc2cd42e86002d7fadb837ce73407
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to