[Git][security-tracker-team/security-tracker][master] xpdf, binutils triage
Moritz Muehlenhoff
jmm at debian.org
Mon Aug 5 17:07:51 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3c491f7 by Moritz Muehlenhoff at 2019-08-05T16:07:18Z
xpdf, binutils triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1063,6 +1063,7 @@ CVE-2019-14445
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24829
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
NOTE: binutils not covered by security support
CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in range_decod ...)
- libav <removed>
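Review bot: The NOTE added under CVE-2019-14444 links a binutils-gdb commit without saying what it is, while the package line stays at `- binutils <unfixed> (unimportant)`. If this is the upstream fix, prefix it with `Fixed by:` as the CVE-2018-18701 and CVE-2018-18700 entries in this file do, so a reader can tell a fix reference from a plain pointer.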
@@ -1458,15 +1459,21 @@ CVE-2019-14295 (An Integer overflow in the getElfSections function in p_vmlinx.c
NOTE: https://github.com/upx/upx/commit/58b122d97da1e02dfec24b10b6b8f56218b5622c
NOTE: https://github.com/upx/upx/commit/6a53c0b3d499d62346a5c51034db543a4ef78ea3
CVE-2019-14294 (An issue was discovered in Xpdf 4.01.01. There is a use-after-free in ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f7990386d268a444c297958e9c50ed27a0825a00
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/2c0f70afff03798165c2b609e115dc7e9c034c57
CVE-2019-14293 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14292 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14291 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14290 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
- TODO: check
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14289 (An issue was discovered in Xpdf 4.01.01. There is an integer overflow ...)
TODO: check
CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer overflow ...)
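Review bot: The five `<not-affected>` lines for CVE-2019-14290 through CVE-2019-14294 rest on "poppler, which is fixed", but none of these entries records a `- poppler` line or a poppler version, so the claim can only be checked by following the commit links. Consider adding the poppler version that contains the cited commits to each entry. CVE-2019-14289 directly below is still `TODO: check` and is not covered by this change.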
@@ -5643,7 +5650,7 @@ CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_en
NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66
NOTE: Issue is similar to CVE-2018-6616.
CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24689
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
NOTE: binutils not covered by security support
@@ -16713,37 +16720,35 @@ CVE-2018-20786 (libvterm through 0+bzr726, as used in Vim and other products, mi
NOTE: MISC:https://github.com/vim/vim/issues/3711
NOTE: No security impact
CVE-2019-9077 (An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7fc0c668f2aceb8582d74db1ad2528e2bba8a921
NOTE: binutils not covered by security support
CVE-2019-9076 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ NOTE: Disputed by binutils upstream, not considered a bug
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24238
- NOTE: binutils not covered by security support
CVE-2019-9075 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24236
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49
NOTE: binutils not covered by security support
CVE-2019-9074 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24235
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=179f2db0d9c397d7dd8a59907b84208b79f7f48c
NOTE: binutils not covered by security support
CVE-2019-9073 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24233
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7d272a55caebfc26ab2e15d1e9439bac978b9bb7
NOTE: binutils not covered by security support
CVE-2019-9072 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ NOTE: Disputed by binutils upstream, not considered a bug
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24232
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24237
- NOTE: binutils not covered by security support
CVE-2019-9071 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
NOTE: binutils not covered by security support
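Review bot: For CVE-2019-9076 and CVE-2019-9072 the `- binutils <unfixed> (unimportant)` line is deleted and only NOTE lines remain, so neither entry names a Debian source package any more. If the intent is to record the upstream dispute, keeping a binutils package line next to the new `NOTE: Disputed by binutils upstream, not considered a bug` would preserve the link to the package. Separately, CVE-2019-9071 is marked fixed in 2.32.51.20190707-1 but, unlike CVE-2019-9077, CVE-2019-9075, CVE-2019-9074 and CVE-2019-9073 in this hunk, it has no NOTE pointing at a fix commit.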
@@ -30205,7 +30210,7 @@ CVE-2018-20653
CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...)
NOT-FOR-US: tinyexr
CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
NOTE: binutils not covered by security support
@@ -35522,7 +35527,7 @@ CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a sta
CVE-2018-20003
RESERVED
CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23952
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
NOTE: binutils not covered by security support
@@ -42853,12 +42858,12 @@ CVE-2018-18703 (PhpTpoint Mailing Server Using File Handling 1.0 suffers from mu
CVE-2018-18702 (spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.ph ...)
NOT-FOR-US: iCMS
CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
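Review bot: CVE-2018-18701 and CVE-2018-18700 are now marked fixed in binutils 2.32.51.20190707-1, but the only fix reference in either entry is a commit in gcc.git. A NOTE naming the binutils-gdb commit that brought this libiberty change in would let a reader verify the binutils version against the binutils tree.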
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c3c491f71b2171780ad2f201df9dc918b170172b