Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

113e87fb by Salvatore Bonaccorso at 2019-01-19T22:11:18Z
Add todo/note for CVE-2019-6256/liblivemedia

The addition of 2018.11.26-1 was based on reproducibility of the issue. We have no proof yet on where the fix actually lies so add at least here a todo for further checking given the maintainers are confident the issue is fixed in the newest version. We would need to isolate the fix, and secondly pinpoint to the exact version addressing the issue in sid.

- - - - -
9b37c29f by Salvatore Bonaccorso at 2019-01-19T22:12:16Z
Revert "Triage results."

This reverts commit 2558c51f7986177185e47a8e2f5fee3a1430f1ed. The issue was addressed in DLA-1632-1 for jessie, thus adding the <ignored> causes more confusion.

- - - - -
1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -639,6 +639,7 @@ CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder be CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Media ...) - liblivemedia 2018.11.26-1 (bug #919529) NOTE: https://github.com/rgaufman/live555/issues/19 + TODO: not entirely clear if 2018.11.26-1 is really the fixing version, cf. #919529 CVE-2019-6255 RESERVED CVE-2019-6254 
@@ -13056,7 +13057,6 @@ CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_hea {DLA-1632-1} - libsndfile <unfixed> (bug #917416) [stretch] - libsndfile <no-dsa> (Minor issue) - [jessie] - libsndfile <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2558c51f7986177185e47a8e2f5fee3a1430f1ed...9b37c29fe1143f18ba20b7eb6e27b7be46c5fd3d
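Review bot: In the first hunk (CVE-2019-6256), the new TODO says the fixing version is uncertain, yet the package line `- liblivemedia 2018.11.26-1 (bug #919529)` directly above it still records 2018.11.26-1 as the fixed version, so anything that reads only the package line will treat that version and later ones as not affected. The TODO would also be easier to act on if it named the two open steps from the commit message (isolate the fix, then pinpoint the exact version in sid); `cf. #919529` only repeats the bug number already present on the package line.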
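Review bot: In the second hunk (CVE-2018-19758), dropping `[jessie] - libsndfile <ignored> (Minor issue)` leaves jessie with no release-specific line, so within this entry it falls under the generic `- libsndfile <unfixed> (bug #917416)` and the only remaining link to the fix is the `{DLA-1632-1}` tag. Nothing in the hunk states the jessie fixed version, so it is worth confirming that the DLA-1632-1 entry carries it; the reason for the revert is given only in the commit message. The `[stretch] - libsndfile <no-dsa> (Minor issue)` line is unchanged, which matches the commit message's scope of jessie only.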