[Git][security-tracker-team/security-tracker][master] ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage

Sylvain Beucler beuc at debian.org
Thu Apr 11 11:48:24 BST 2019



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9071f1f4 by Sylvain Beucler at 2019-04-11T10:46:39Z
ncurses/CVE-2018-19211,CVE-2018-19217: de-dup, jessie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29892,9 +29892,8 @@ CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sas
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
 CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function _n ...)
 	- ncurses <undetermined>
+	[jessie] - ncurses <not-affected> (not reproducible)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
-	NOTE: Possible duplicate: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
-	NOTE: On Jessie poc0 does not trigger a segfault, poc1 does (with both 5.9 and recompiled 6.1)
 CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...)
 	- nasm 2.13.02-0.1
 	[stretch] - nasm <no-dsa> (Minor issue)
@@ -29920,7 +29919,10 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
 	NOT-FOR-US: libwebm
 	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
-	NOTE: Duplicate of CVE-2018-10754
+	- ncurses 6.1+20180714-1
+	[jessie] - ncurses <ignored> (Minor issue; NULL dereference / clean crash; local)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
+	NOTE: fixed in ncurses-6.1-20180414.patch.gz from https://invisible-mirror.net/archives/ncurses/6.1/dev-patches.zip
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
 	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #913675)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9071f1f4e5e65044c6c20b40269b87c12ecf9acf
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190411/3f57e6f3/attachment.html>


More information about the debian-security-tracker-commits mailing list