Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: e7123894 by Adrian Bunk at 2019-02-28T18:57:25Z CVE-2019-8904+CVE-2019-8906 are not in file in jessie+stretch Introduced by upstream commit 0ac0678c52 (Print more info about NetBSD core files.) and commit 76c55eae2 (Print the Go Build-ID like we do for other elf binaries). - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -881,6 +881,8 @@ CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remot NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an ...) - file <unfixed> (bug #922969) + [jessie] - file <not-affected> (vulnerable code introduced later) + [stretch] - file <not-affected> (vulnerable code introduced later) NOTE: https://bugs.astron.com/view.php?id=64 NOTE: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...) @@ -889,6 +891,8 @@ CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack- NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...) - file <unfixed> (bug #922967) + [jessie] - file <not-affected> (vulnerable code introduced later) + [stretch] - file <not-affected> (vulnerable code introduced later) NOTE: https://bugs.astron.com/view.php?id=62 NOTE: https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55 CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits