[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-8375 and CVE-2017-17821

Sat, 07 Sep 2019 12:28:39 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ef551fe by Salvatore Bonaccorso at 2019-09-07T19:27:10Z
Update information on CVE-2019-8375 and CVE-2017-17821

According the triage from Berto in
https://lists.debian.org/debian-security-tracker/2019/09/msg00002.html
those are fixed in 2.23.90 and 2.21.3. Marking those as fixed with the
first version in unstable following those and including the fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23257,7 +23257,7 @@ CVE-2019-8376 (An issue was discovered in Tcpreplay 
4.3.1. A NULL pointer derefe
        NOTE: https://github.com/appneta/tcpreplay/issues/537
        NOTE: Crash in a CLI tool, no security impact
 CVE-2019-8375 (The UIProcess subsystem in WebKit, as used in WebKitGTK through 
2.23.9 ...)
-       - webkit2gtk <unfixed> (unimportant)
+       - webkit2gtk 2.24.1-1 (unimportant)
        NOTE: 
https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
        NOTE: https://trac.webkit.org/changeset/241515/webkit
        NOTE: https://www.inputzero.io/2019/02/fuzzing-webkit.html
@@ -89657,7 +89657,7 @@ CVE-2017-17823 (The Configuration component of Piwigo 
2.9.2 is vulnerable to SQL
 CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL 
Injection via  ...)
        - piwigo <removed>
 CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari 
Technology ...)
-       - webkit2gtk <unfixed> (unimportant)
+       - webkit2gtk 2.22.0-2 (unimportant)
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=181020 (not public)
        NOTE: Not covered by security support
 CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in pp_l ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef551fe67fd78b72be4ee3ebd30ae1ab1c1dfc3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef551fe67fd78b72be4ee3ebd30ae1ab1c1dfc3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to