Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
113e87fb by Salvatore Bonaccorso at 2019-01-19T22:11:18Z
Add todo/note for CVE-2019-6256/liblivemedia

The addition of 2018.11.26-1 was based on reproducibility of the issue.
We have no proof yet on where the fix actually lies so add at least here
a todo for further checking given the maintainers are confident the
issue is fixed in the newest version.

We would need to isolate the fix, and secondly pinpoint to the exact
version addressing the issue in sid.

- - - - -
9b37c29f by Salvatore Bonaccorso at 2019-01-19T22:12:16Z
Revert "Triage results."

This reverts commit 2558c51f7986177185e47a8e2f5fee3a1430f1ed.

The issue was addressed in DLA-1632-1 for jessie, thus adding the
<ignored> causes more confusion.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -639,6 +639,7 @@ CVE-2019-6257 (A Server Side Request Forgery (SSRF) 
vulnerability in elFinder be
 CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 
Streaming Media ...)
        - liblivemedia 2018.11.26-1 (bug #919529)
        NOTE: https://github.com/rgaufman/live555/issues/19
+       TODO: not entirely clear if 2018.11.26-1 is really the fixing version, 
cf. #919529
 CVE-2019-6255
        RESERVED
 CVE-2019-6254
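Review bot: The added TODO under CVE-2019-6256 flags the doubt but not the follow-up, and the package line above it still records "- liblivemedia 2018.11.26-1 (bug #919529)" as the fixed version. Per the commit message, the open work is to isolate the fix and pinpoint the exact version in sid; putting that into the TODO text (for example "TODO: isolate the upstream fix and confirm the fixing version, cf. #919529") would let whoever picks it up act on it without reading the commit log. It is also worth a short NOTE saying that 2018.11.26-1 was chosen because the issue was no longer reproducible there, since that basis is currently only in the commit message.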
@@ -13056,7 +13057,6 @@ CVE-2018-19758 (There is a heap-based buffer over-read 
at wav.c in wav_write_hea
        {DLA-1632-1}
        - libsndfile <unfixed> (bug #917416)
        [stretch] - libsndfile <no-dsa> (Minor issue)
-       [jessie] - libsndfile <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
        NOTE: https://github.com/erikd/libsndfile/issues/435
        NOTE: 
https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
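Review bot: With "[jessie] - libsndfile <ignored> (Minor issue)" removed from the CVE-2018-19758 entry, the only thing in this entry that speaks to jessie is the "{DLA-1632-1}" tag, while the unqualified package line stays "<unfixed>". Nothing in the hunk shows the jessie fixed version, so it is worth confirming that the DLA-1632-1 record lists this CVE with the version that fixed it; otherwise a reader of this entry alone could take "<unfixed>" to apply to jessie as well. The revert itself matches the reason given in the commit message.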



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/2558c51f7986177185e47a8e2f5fee3a1430f1ed...9b37c29fe1143f18ba20b7eb6e27b7be46c5fd3d
