Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
391fef27 by Moritz Muehlenhoff at 2022-07-11T23:21:42+02:00
libmatio, nouveau non issues
mark old opencv report as NFU for Android, Android never really gave any
information
it's most probably bogus anyway
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -182990,12 +182990,9 @@ CVE-2019-20020 (A stack-based buffer over-read was
discovered in ReadNextStructF
[jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/128
CVE-2019-20019 (An attempted excessive memory allocation was discovered in
Mat_VarRead ...)
- - libmatio <unfixed>
- [bullseye] - libmatio <no-dsa> (Minor issue)
- [buster] - libmatio <no-dsa> (Minor issue)
- [stretch] - libmatio <no-dsa> (Minor issue)
- [jessie] - libmatio <no-dsa> (Minor issue)
+ - libmatio <unfixed> (unimportant)
NOTE: https://github.com/tbeu/matio/issues/130
+ NOTE: Negligible security impact
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell
in mat5. ...)
[experimental] - libmatio 1.5.18-1
- libmatio 1.5.19-2
@@ -221434,7 +221431,6 @@ CVE-2019-10104 (In several JetBrains IntelliJ IDEA
Ultimate versions, an Applica
- intellij-idea <itp> (bug #747616)
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS
Client/J ...)
- intellij-idea <itp> (bug #747616)
- - intellij-community-idea <undetermined>
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving
artifacts using ...)
- kotlin <not-affected> (Fixed before initial upload to Debian)
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before
1.8.1.3, it wa ...)
@@ -224494,8 +224490,7 @@ CVE-2019-9425 (In Bluetooth, there is a possible out
of bounds read due to a mis
CVE-2019-9424 (In the Screen Lock, there is a possible information disclosure
due to ...)
NOT-FOR-US: Android
CVE-2019-9423 (In opencv calls that use libpng, there is a possible out of
bounds wri ...)
- - opencv <undetermined>
- NOTE: Currently no further information available
+ NOT-FOR-US: Android
CVE-2019-9422 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
NOT-FOR-US: Android
CVE-2019-9421 (In libandroidfw, there is a possible OOB read due to an integer
overfl ...)
@@ -292900,12 +292895,9 @@ CVE-2018-3981 (An exploitable out-of-bounds write
exists in the TIFF-parsing fun
CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing
function ...)
NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the
Nouveau ...)
- - xserver-xorg-video-nouveau <unfixed> (low)
- [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
+ - xserver-xorg-video-nouveau <unfixed> (unimportant)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647
+ NOTE: Nouveau is a reverse-engineered, best effort driver, negligible
security impact
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the
Word Do ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF
image re ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/391fef271d0897389daf517a4c516f2536db6077
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/391fef271d0897389daf517a4c516f2536db6077
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
