[Git][security-tracker-team/security-tracker][master] Add CVE-2019-18388 and CVE-2019-18390 for virglrenderer

Mon, 23 Dec 2019 13:36:31 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eca49dcd by Salvatore Bonaccorso at 2019-12-23T21:35:17Z
Add CVE-2019-18388 and CVE-2019-18390 for virglrenderer

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10738,13 +10738,19 @@ CVE-2019-18391 (A heap-based buffer overflow in the 
vrend_renderer_transfer_writ
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
 CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function 
in vrend ...)
-       TODO: check
+       - virglrenderer 0.8.1-1
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
+       NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
+       NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
 CVE-2019-18389 (A heap-based buffer overflow in the 
vrend_renderer_transfer_write_iov  ...)
        - virglrenderer 0.8.1-1 (bug #946942)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
 CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in 
virglrenderer throug ...)
-       TODO: check
+       - virglrenderer 0.8.1-1
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
+       NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
+       NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
 CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is 
vulnerable to  ...)
        NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
 CVE-2019-18386



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eca49dcdde2c108b65a05b30f8f3c1b0a64b1064

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eca49dcdde2c108b65a05b30f8f3c1b0a64b1064
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to