<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/18f6f4ff96f6fef53e09a7a4655ff43af474beb5">18f6f4ff</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-01-17T22:38:06+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update entries for CVE-2019-20168 and CVE-2019-20169

As the "PoC does not crash" cannot as sole argument be taken for a

not-affected but there was quite some effort put in triaging those I did

not want to revert to unfixed state based on that.

I tried to dig further into the issues to try to find out where exactly

the issue was introduced.

For CVE-2019-20168 the PoC makes the vulnerability visible at least

starting in v0.8.0, the use_dump_mode still was already introduced

earlier (in v0.7.0).

For CVE-2019-20169 the PoC makes at least the issue immediately visible

with the 9ea1fb398916 ("made isobmf dump use source box order") and the

fix applied by upstream directly refers to it. This was verified by

directly bisecting the git repository with telp of the PoC and further

checking the affected code paths.

The end-result is still not fully satisfactory, so further reviewers

take it from here please. CVE-2019-20169 seem good covered,

CVE-2019-20168 might want to need some additional verifications.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/18f6f4ff96f6fef53e09a7a4655ff43af474beb5#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/18f6f4ff96f6fef53e09a7a4655ff43af474beb5">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/18f6f4ff96f6fef53e09a7a4655ff43af474beb5"}}</script>

</p>

</div>

</body>

</html>