[Git][security-tracker-team/security-tracker][master] CVE-2019-8904+CVE-2019-8906 are not in file in jessie+stretch

Thu, 28 Feb 2019 10:58:09 -0800 

Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7123894 by Adrian Bunk at 2019-02-28T18:57:25Z
CVE-2019-8904+CVE-2019-8906 are not in file in jessie+stretch

Introduced by upstream commit 0ac0678c52
(Print more info about NetBSD core files.)
and commit 76c55eae2
(Print the Go Build-ID like we do for other elf binaries).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -881,6 +881,8 @@ CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in 
file 5.35 allows remot
        NOTE: 
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
 CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an ...)
        - file <unfixed> (bug #922969)
+       [jessie] - file <not-affected> (vulnerable code introduced later)
+       [stretch] - file <not-affected> (vulnerable code introduced later)
        NOTE: https://bugs.astron.com/view.php?id=64
        NOTE: 
https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
 CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a 
stack-based ...)
@@ -889,6 +891,8 @@ CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in 
file 5.35 has a stack-
        NOTE: 
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
 CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a 
stack-based ...)
        - file <unfixed> (bug #922967)
+       [jessie] - file <not-affected> (vulnerable code introduced later)
+       [stretch] - file <not-affected> (vulnerable code introduced later)
        NOTE: https://bugs.astron.com/view.php?id=62
        NOTE: 
https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55
 CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path 
traversal. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to