Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 

6b3c0cf3 by Salvatore Bonaccorso at 2020-03-25T21:23:11+01:00
Reference commit for CVE-2018-6952/patch

- - - - -
4601ac6c by Salvatore Bonaccorso at 2020-03-25T21:25:43+01:00
Add information on CVE-2019-20633/patch

- - - - -

1 changed file:

- data/CVE/list


@@ -17,7 +17,8 @@ CVE-2020-10944
 CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double 
Free vul ...)
-       TODO: check
+       - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
+       NOTE:
 CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in 
drivers/vhost/net. ...)
        - linux <unfixed>
        NOTE: (5.6-rc4)
@@ -116793,6 +116794,9 @@ CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV 
does not verify whether a cer
 CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in 
GNU patc ...)
        - patch <unfixed> (unimportant)
+       NOTE:
+       NOTE: When fixing this issue make sure to not apply only the incomplete 
+       NOTE: and opening CVE-2019-20633, cf.
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a 
segment ...)
        - patch <unfixed> (unimportant)

View it on GitLab:

View it on GitLab:
You're receiving this email because of your account on

debian-security-tracker-commits mailing list

Reply via email to