[Git][security-tracker-team/security-tracker][master] 2 commits: Reference commit for CVE-2018-6952/patch

Wed, 25 Mar 2020 13:27:19 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b3c0cf3 by Salvatore Bonaccorso at 2020-03-25T21:23:11+01:00
Reference commit for CVE-2018-6952/patch

- - - - -
4601ac6c by Salvatore Bonaccorso at 2020-03-25T21:25:43+01:00
Add information on CVE-2019-20633/patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,8 @@ CVE-2020-10944
 CVE-2020-10943
        RESERVED
 CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double 
Free vul ...)
-       TODO: check
+       - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
+       NOTE: https://savannah.gnu.org/bugs/index.php?56683
 CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in 
drivers/vhost/net. ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
@@ -116793,6 +116794,9 @@ CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV 
does not verify whether a cer
 CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in 
GNU patc ...)
        - patch <unfixed> (unimportant)
        NOTE: https://savannah.gnu.org/bugs/index.php?53133
+       NOTE: 
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
+       NOTE: When fixing this issue make sure to not apply only the incomplete 
fix,
+       NOTE: and opening CVE-2019-20633, cf. 
https://savannah.gnu.org/bugs/index.php?56683
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a 
segment ...)
        - patch <unfixed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3ee8543e83f7baebae81a07d4d22896d3370763f...4601ac6c34ec83846a1c509338afe7cdf23f6f84

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3ee8543e83f7baebae81a07d4d22896d3370763f...4601ac6c34ec83846a1c509338afe7cdf23f6f84
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to