[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-16839/curl

Salvatore Bonaccorso carnil at debian.org
Wed Oct 31 09:51:20 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65cb1250 by Salvatore Bonaccorso at 2018-10-31T09:50:27Z
Add CVE-2018-16839/curl

- - - - -
cac5b859 by Salvatore Bonaccorso at 2018-10-31T09:50:53Z
Add fixed by string for consistency with other curl entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4887,7 +4887,7 @@ CVE-2018-16842 [warning message out-of-buffer read]
 	RESERVED
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
-	NOTE: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
+	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
 CVE-2018-16841
 	RESERVED
 CVE-2018-16840 [use-after-free in handle close]
@@ -4896,8 +4896,11 @@ CVE-2018-16840 [use-after-free in handle close]
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
 	NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
-CVE-2018-16839
+CVE-2018-16839 [SASL password overflow via integer overflow]
 	RESERVED
+	- curl <unfixed>
+	NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
+	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
 CVE-2018-16838
 	RESERVED
 CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/48ccd27756735b4b505e729d360e072bf069c35f...cac5b8596e9e3c143a1ce8b24af2fe528a79dc98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/48ccd27756735b4b505e729d360e072bf069c35f...cac5b8596e9e3c143a1ce8b24af2fe528a79dc98
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181031/99ca80d1/attachment.html>

More information about the debian-security-tracker-commits mailing list