Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf468a66 by Salvatore Bonaccorso at 2020-06-30T20:53:52+02:00
Update information on CVE-2019-20052
If the triage is correct, and the vulnerability never in any Debian
released version then <not-affected> is correct. 1.5.2-3 should not be
used here as this would mean that the issu was fixed with the unstable
upload as 1.5.2-3 done in unstable and affecting earlier versions than
that.
Under above assumption, which seem to match as well upstream's
assessment mark it as not-affected with noting that the vulnerbility was
introduced later.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29429,9 +29429,8 @@ CVE-2019-20053 (An invalid memory address dereference
was discovered in the canU
NOTE: https://github.com/upx/upx/issues/314
NOTE:
https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in
matio 1.5.17 ...)
- - libmatio 1.5.2-3
+ - libmatio <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/tbeu/matio/issues/131
- NOTE: Vulnerability was not in any released version
CVE-2019-20051 (A floating-point exception was discovered in
PackLinuxElf::elf_hash in ...)
- upx-ucl 3.96-1 (unimportant)
NOTE: https://github.com/upx/upx/issues/313
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf468a66053dcce8ad66e08fd9e7768e35c20336
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf468a66053dcce8ad66e08fd9e7768e35c20336
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
