[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-9633/glib2.0

Wed Apr 3 13:33:32 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b50905da by Salvatore Bonaccorso at 2019-04-03T12:32:47Z
Update information on CVE-2019-9633/glib2.0

The issue was in 2.59.1 only and adressed in 2.59.2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3253,12 +3253,10 @@ CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.2
 	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77563
 CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...)
-	[experimental] - glib2.0 2.59.2-1
-	- glib2.0 <unfixed> (bug #924344)
-	[stretch] - glib2.0 <no-dsa> (Minor issue)
-	[jessie] - glib2.0 <no-dsa> (Minor issue; not reproducible)
+	- glib2.0 <not-affected> (Vulnerable code introduced in 2.59.1, cf #924344)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1649
 	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e (2.59.2)
+	NOTE: Issue only in 2.59.1 and fixed in 2.59.2.
 CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...)
 	NOT-FOR-US: ESAFENET CDG
 CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50905dad083cac056f6f265c68f8de101bbf3e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50905dad083cac056f6f265c68f8de101bbf3e8
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190403/0d0d6607/attachment.html>
