[Git][security-tracker-team/security-tracker][master] ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage

Thu, 11 Apr 2019 03:48:48 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9071f1f4 by Sylvain Beucler at 2019-04-11T10:46:39Z
ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29892,9 +29892,8 @@ CVE-2018-19218 (In LibSass 3.5-stable, there is an 
illegal address access at Sas
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
 CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the 
function _n ...)
        - ncurses <undetermined>
+       [jessie] - ncurses <not-affected> (not reproducible)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
-       NOTE: Possible duplicate: 
https://bugzilla.redhat.com/show_bug.cgi?id=1643754
-       NOTE: On Jessie poc0 does not trigger a segfault, poc1 does (with both 
5.9 and recompiled 6.1)
 CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free 
in detoke ...)
        - nasm 2.13.02-0.1
        [stretch] - nasm <no-dsa> (Minor issue)
@@ -29920,7 +29919,10 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there 
is an abort caused by libwe
        NOT-FOR-US: libwebm
        NOTE: Chromium and qtwebengine bundle the library, but not a security 
issue there
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at 
function _nc_pa ...)
-       NOTE: Duplicate of CVE-2018-10754
+       - ncurses 6.1+20180714-1
+       [jessie] - ncurses <ignored> (Minor issue; NULL dereference / clean 
crash; local)
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
+       NOTE: fixed in ncurses-6.1-20180414.patch.gz from 
https://invisible-mirror.net/archives/ncurses/6.1/dev-patches.zip
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the 
TIFFWrite ...)
        {DLA-1680-1}
        - tiff 4.0.10-4 (bug #913675)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to