[Git][security-tracker-team/security-tracker][master] ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage
Sylvain Beucler
beuc at debian.org
Thu Apr 11 11:48:24 BST 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9071f1f4 by Sylvain Beucler at 2019-04-11T10:46:39Z
ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29892,9 +29892,8 @@ CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sas
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function _n ...)
- ncurses <undetermined>
+ [jessie] - ncurses <not-affected> (not reproducible)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
- NOTE: Possible duplicate: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
- NOTE: On Jessie poc0 does not trigger a segfault, poc1 does (with both 5.9 and recompiled 6.1)
CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...)
- nasm 2.13.02-0.1
[stretch] - nasm <no-dsa> (Minor issue)
@@ -29920,7 +29919,10 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
NOT-FOR-US: libwebm
NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
- NOTE: Duplicate of CVE-2018-10754
+ - ncurses 6.1+20180714-1
+ [jessie] - ncurses <ignored> (Minor issue; NULL dereference / clean crash; local)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
+ NOTE: fixed in ncurses-6.1-20180414.patch.gz from https://invisible-mirror.net/archives/ncurses/6.1/dev-patches.zip
CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
{DLA-1680-1}
- tiff 4.0.10-4 (bug #913675)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190411/3f57e6f3/attachment.html>
More information about the debian-security-tracker-commits
mailing list