[Git][security-tracker-team/security-tracker][master] CVE-2018-20357/faad2: same as CVE-2018-20194
Hugo Lefeuvre
hle at debian.org
Tue Aug 20 18:17:34 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51fbc02e by Hugo Lefeuvre at 2019-08-20T17:15:09Z
CVE-2018-20357/faad2: same as CVE-2018-20194
Fixed in 2.8.8-2, and 2.7-8+deb8u2.
Update faad2 entry in dla-needed.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -33468,10 +33468,11 @@ CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_p
NOTE: https://github.com/knik0/faad2/issues/31
NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
- - faad2 <unfixed> (low)
- [buster] - faad2 <no-dsa> (Minor issue)
+ - faad2 2.8.8-2 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
+ [jessie] - faad2 2.7-8+deb8u2
NOTE: https://github.com/knik0/faad2/issues/28
+ NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
=====================================
data/dla-needed.txt
=====================================
@@ -24,10 +24,10 @@ cups (Thorsten Alteholz)
dnsmasq (Mike Gabriel)
--
faad2 (Hugo Lefeuvre)
- NOTE: 20190819: Last PR pending review: https://github.com/knik0/faad2/pull/38
+ NOTE: 20190820: Last PR pending review: https://github.com/knik0/faad2/pull/38
NOTE: Upload with recent patches will happen soon.
NOTE: Still many open duplicates, currently triaging.
- NOTE: temporary entry contains two different issues, one is CVE-2018-19502
+ NOTE: Requested CVE number for temporary entry.
--
freeimage
NOTE: Maintainer will take care of the update.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51fbc02e6b520d49495bde31b82b329439959beb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51fbc02e6b520d49495bde31b82b329439959beb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190820/bd2cf1d4/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list