[Git][security-tracker-team/security-tracker][master] Add fixed version for glibc via unstable for three CVEs

Tue, 05 Feb 2019 11:49:09 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3bcfed6f by Salvatore Bonaccorso at 2019-02-05T19:48:14Z
Add fixed version for glibc via unstable for three CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -303,7 +303,7 @@ CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer 
over-read (due to an integ
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/b54e1fc3e0d2600621a28d50f9f085b9e38619c2
 CVE-2019-7309 (In the GNU C Library (aka glibc or libc6) through 2.29, the 
memcmp ...)
-       - glibc <unfixed> (unimportant)
+       - glibc 2.28-6 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24155
        NOTE: https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
        NOTE: x32 not officially supported
@@ -2119,7 +2119,7 @@ CVE-2019-6501 [scsi-generic: possible OOB access while 
handling inquiry request]
        NOTE: Code introduced by 
https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
        NOTE: but but the overflow was already possible before.
 CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the 
getaddrinfo ...)
-       - glibc <unfixed> (bug #920047)
+       - glibc 2.28-6 (bug #920047)
        [stretch] - glibc <no-dsa> (Minor issue)
        [jessie] - glibc <no-dsa> (Minor issue)
        - eglibc <removed>
@@ -2163,7 +2163,7 @@ CVE-2018-20737
 CVE-2018-20736
        RESERVED
 CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) 
through ...)
-       - glibc <unfixed> (unimportant)
+       - glibc 2.28-6 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
        NOTE: x32 not officially supported
 CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as 
TL-WDR5620 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bcfed6f385367de6cf0c48b0a63d222e243165f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bcfed6f385367de6cf0c48b0a63d222e243165f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to