Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3de037f8 by Thorsten Alteholz at 2019-11-27T21:35:31Z
these will be fixed
- - - - -
03db6173 by Thorsten Alteholz at 2019-11-27T21:35:32Z
this is issue #2335 which is fixed by a different commit
- - - - -
732e76b5 by Thorsten Alteholz at 2019-11-27T21:36:08Z
Reserve DLA-2013-1 for libvorbis
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -82958,7 +82958,6 @@ CVE-2018-10394
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-b ...)
- libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
- [jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
NOTE: Fixed by:
https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -82966,11 +82965,9 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in
Xiph.Org libvorbis 1.3.6 has a s
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6
does not va ...)
- libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
- [jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
- NOTE: Fixed by:
https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
- NOTE: Same patch as for CVE-2017-14160
+ NOTE: Fixed by:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via
the email ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-10390
@@ -122108,7 +122105,6 @@ CVE-2017-14165 (The ReadSUNImage function in
coders/sun.c in GraphicsMagick 1.3.
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org
libvorbis 1.3.5 ...)
- libvorbis 1.3.6-2 (bug #876780)
[stretch] - libvorbis <no-dsa> (Minor issue)
- [jessie] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once
fixed upstream)
NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2019] DLA-2013-1 libvorbis - security update
+ {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+ [jessie] - libvorbis 1.3.4-2+deb8u2
[26 Nov 2019] DLA-2012-1 libvpx - security update
{CVE-2019-9232 CVE-2019-9433}
[jessie] - libvpx 1.3.0-3+deb8u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab6a186cf0f14143a07577eee96352e52946d0e9...732e76b555ff1e8194205d1e1b989f9000c60348
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab6a186cf0f14143a07577eee96352e52946d0e9...732e76b555ff1e8194205d1e1b989f9000c60348
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
