Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
69b2ca98 by Salvatore Bonaccorso at 2019-07-25T15:42:03Z
Add notes on CVE-2019-14249/dwarfutils
Possibly this issue only affects versions after 20190505 where upstream
commit introduced the new code handling in the dwarf_elf_load_headers.c
file which is not present in versions up to the current one in unstable
(20180809-1).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,6 +28,8 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before
2019-07-05 allows at
- dwarfutils <unfixed> (low)
[buster] - dwarfutils <no-dsa> (Minor issue)
[stretch] - dwarfutils <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
+ NOTE: Fixed by:
https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c
allows ...)
- nasm <unfixed> (unimportant; bug #932907)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b2ca98c9576279022047953e27fce122c2ddad
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b2ca98c9576279022047953e27fce122c2ddad
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
