Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5af94ab5 by Salvatore Bonaccorso at 2019-12-22T21:41:10Z
Several libonig issues fixed in untable via new upstream version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6204,7 +6204,7 @@ CVE-2019-19247 (Electronic Arts Origin through 10.5.x
allows Elevation of Privil
NOT-FOR-US: Electronic Arts Origin
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other
products, has ...)
{DLA-2020-1}
- - libonig <unfixed> (low; bug #946344)
+ - libonig 6.9.4-1 (low; bug #946344)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://bugs.php.net/bug.php?id=78559
@@ -6316,14 +6316,14 @@ CVE-2019-19205
RESERVED
CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In
the func ...)
{DLA-2020-1}
- - libonig <unfixed> (low; bug #945313)
+ - libonig 6.9.4-1 (low; bug #945313)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/162
NOTE:
https://github.com/kkos/oniguruma/commit/6eb4aca6a7f2f60f473580576d86686ed6a6ebec
(v6.9.4_rc2)
NOTE: Only exploitable with attacker-provided pattern
CVE-2019-19203 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In
the func ...)
- - libonig <unfixed> (low; bug #945312)
+ - libonig 6.9.4-1 (low; bug #945312)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
[jessie] - libonig <ignored> (Minor issue, not reproducible,
non-trivial backport)
@@ -6828,7 +6828,7 @@ CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17
allows an attacker to upl
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in
regexec.c in On ...)
{DLA-2020-1}
- - libonig <unfixed> (low; bug #944959)
+ - libonig 6.9.4-1 (low; bug #944959)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/164
@@ -17447,7 +17447,7 @@ CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer
dereference in myhtml_tr
NOT-FOR-US: MyHTML
CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c
because of ...)
{DLA-1918-1}
- - libonig <unfixed> (low; bug #939988)
+ - libonig 6.9.4-1 (low; bug #939988)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/147
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5af94ab54f2bf3add2267b649b5446d1dc44cd51
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5af94ab54f2bf3add2267b649b5446d1dc44cd51
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
