[Git][security-tracker-team/security-tracker][master] new libvpx issues

Mon, 11 Nov 2019 03:12:30 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57833575 by Moritz Muehlenhoff at 2019-11-11T11:09:05Z
new libvpx issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31452,7 +31452,8 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of 
bounds read due to a mis
 CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a 
missing  ...)
        NOT-FOR-US: Android
 CVE-2019-9433 (In libvpx, there is a possible information disclosure due to 
improper  ...)
-       TODO: check
+       - libvpx 1.8.1-2
+       NOTE: 
https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to 
improper i ...)
        NOT-FOR-US: Android
 CVE-2019-9431 (In Bluetooth, there is a possible out of bounds read due to a 
use afte ...)
@@ -31576,7 +31577,13 @@ CVE-2019-9373 (In JobStore, there is a mismatched 
serialization/deserialization
 CVE-2019-9372 (In libskia, there is a possible crash due to a missing null 
check. Thi ...)
        TODO: check
 CVE-2019-9371 (In libvpx, there is a possible resource exhaustion due to 
improper inp ...)
-       TODO: check
+       - libvpx 1.8.1-2
+       NOTE: Commits in libwebm:
+       NOTE: 
https://chromium.googlesource.com/webm/libwebm/+/027a472efe49ff3a24be619442d2150658dbaaa0
+       NOTE: 
https://chromium.googlesource.com/webm/libwebm/+/cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
+       NOTE: Sync to libvpx via:
+       NOTE: 
https://github.com/webmproject/libvpx/commit/34d54b04e98dd0bac32e9aab0fbda0bf501bc742
+       NOTE: 
https://github.com/webmproject/libvpx/commit/f00890eecdf8365ea125ac16769a83aa6b68792d
 CVE-2019-9370 (In sonivox, there is a possible out of bounds read due to an 
incorrect ...)
        NOT-FOR-US: Android
 CVE-2019-9369 (In Bluetooth, there is a use of uninitialized variable. This 
could lea ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/578335759e355a7f741d195a7388706ebb58eac8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/578335759e355a7f741d195a7388706ebb58eac8
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to