Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: b21461ae by Markus Koschany at 2019-07-17T00:42:14Z CVE-2019-13225,libonig: Jessie is not affected. The vulnerable code was introduced later. This was confirmed by upstream in https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c#commitcomment-34298393 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1893,6 +1893,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguru - libonig 6.9.2-1 (low; bug #931878) [buster] - libonig <no-dsa> (Minor issue) [stretch] - libonig <no-dsa> (Minor issue) + [jessie] - libonig <not-affected> (vulnerable code was introduced later) NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...) - libonig 6.9.2-1 (low; bug #931878) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b21461aee2a89ffd1988e8aa314342adc72ae097 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b21461aee2a89ffd1988e8aa314342adc72ae097 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
