[Git][security-tracker-team/security-tracker][master] Update CVE-2019-3883/389-ds-base information on fix

Wed, 11 Sep 2019 12:31:25 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14696a89 by Salvatore Bonaccorso at 2019-09-11T19:28:06Z
Update CVE-2019-3883/389-ds-base information on fix

Furthermore the original fix was causing regressions so it was reverted
and new fixed applied.

DLA-1779-1 seems to contain the original patch only which was reverted,
so this might need to be double-checked for 389-ds-base in jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34397,12 +34397,20 @@ CVE-2019-3884 (A vulnerability exists in the garbage 
collection mechanism of ato
        NOT-FOR-US: atomic-openshift
 CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by 
workers  ...)
        {DLA-1779-1}
-       - 389-ds-base <unfixed> (bug #927939)
+       - 389-ds-base 1.4.1.5-1 (bug #927939)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
        NOTE: https://pagure.io/389-ds-base/issue/50329
        NOTE: https://pagure.io/389-ds-base/c/4d9cc24da (master)
        NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
        NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
+       NOTE: Patch was applied upstream but then reverted again, as it 
introduces
+       NOTE: regressions:
+       NOTE: 
https://pagure.io/389-ds-base/c/f35ad37100ab5915445d6d37f8921dd46f83656e
+       NOTE: Fixed properly via:
+       NOTE: https://pagure.io/389-ds-base/pull-request/50398
+       NOTE: 
https://pagure.io/389-ds-base/c/f20e982c68a700b5ba2c41e5b6f3cdeb5fcb5fab 
(389-ds-base-1.4.1.4)
+       NOTE: 
https://pagure.io/389-ds-base/c/7b0e7f6f51f6a117f6a40aa3967cad656eafb811 
(389-ds-base-1.4.0.24)
+       NOTE: 
https://pagure.io/389-ds-base/c/33ac4f5a78d1a42385d1c011d88cef26771e99f5 
(389-ds-base-1.3.9 branch)
 CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface 
implementation t ...)
        {DSA-4497-1 DLA-1885-1 DLA-1799-1}
        - linux 4.19.37-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14696a899ba86bea6058f858d6b59d7564c3027a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14696a899ba86bea6058f858d6b59d7564c3027a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to