[Git][security-tracker-team/security-tracker][master] CVE-2018-4022/mkvtoolnix does not affect stretch
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 18 20:06:42 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8095484 by Salvatore Bonaccorso at 2018-11-18T20:04:50Z
CVE-2018-4022/mkvtoolnix does not affect stretch
The problematic code was introduced for kax_file.cpp (deleting 'l2'
unconditionally) only in release 23.0.0. Before that the code did not
have the problem. The second part of the problem in the MKVToolNix GUI's
"info" tool was only introduced in release 21.0.0.
Mark stretch as not-affected.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41117,6 +41117,7 @@ CVE-2018-4023
RESERVED
CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVINFO ...)
- mkvtoolnix 28.2.0-1
+ [stretch] - mkvtoolnix <not-affected> (Vulnerable code introduced later)
[jessie] - mkvtoolnix <not-affected> (vulnerable code is not present)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
NOTE: https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f80954849f01103adb21aeb8b34130acd258409a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f80954849f01103adb21aeb8b34130acd258409a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181118/cec71eb3/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list