[Git][security-tracker-team/security-tracker][master] 2 commits: Add additional references for CVE-2018-19760/confuse

Salvatore Bonaccorso carnil at debian.org
Sun Dec 16 11:02:54 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f74dc8e2 by Salvatore Bonaccorso at 2018-12-16T11:00:19Z
Add additional references for CVE-2018-19760/confuse

- - - - -
64d079db by Salvatore Bonaccorso at 2018-12-16T11:02:15Z
Mark CVE-2018-19760/confuse as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4675,10 +4675,12 @@ CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function:
 CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: ...)
 	TODO: check
 CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
-	- confuse <unfixed> (low)
-	[stretch] - confuse <no-dsa> (Minor issue)
-	[jessie] - confuse <no-dsa> (Minor issue)
+	- confuse <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649152
+	NOTE: https://github.com/martinh/libconfuse/issues/120
+	NOTE: https://github.com/martinh/libconfuse/commit/5f0e9ea4213d4047649c462e4f1b59a082af58e2
+	NOTE: Issue caused by premature exit without cleanup on an error in the caller
+	NOTE: not in the library; Negligible security impact in itself and disputed.
 CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
 	TODO: check
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ab962cbe33d41ea9c49678a36b3fd065e9ba188...64d079db59cdccab91d0822c58bc1ccb205f4355

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6ab962cbe33d41ea9c49678a36b3fd065e9ba188...64d079db59cdccab91d0822c58bc1ccb205f4355
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181216/e70b614d/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list