[Git][security-tracker-team/security-tracker][master] CVE-2018-20357/faad2: same as CVE-2018-20194

Hugo Lefeuvre hle at debian.org
Tue Aug 20 18:17:34 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51fbc02e by Hugo Lefeuvre at 2019-08-20T17:15:09Z
CVE-2018-20357/faad2: same as CVE-2018-20194

Fixed in 2.8.8-2, and 2.7-8+deb8u2.

Update faad2 entry in dla-needed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33468,10 +33468,11 @@ CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_p
 	NOTE: https://github.com/knik0/faad2/issues/31
 	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
-	- faad2 <unfixed> (low)
-	[buster] - faad2 <no-dsa> (Minor issue)
+	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
+	[jessie] - faad2 2.7-8+deb8u2
 	NOTE: https://github.com/knik0/faad2/issues/28
+	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1


=====================================
data/dla-needed.txt
=====================================
@@ -24,10 +24,10 @@ cups (Thorsten Alteholz)
 dnsmasq (Mike Gabriel)
 --
 faad2 (Hugo Lefeuvre)
-  NOTE: 20190819: Last PR pending review: https://github.com/knik0/faad2/pull/38
+  NOTE: 20190820: Last PR pending review: https://github.com/knik0/faad2/pull/38
   NOTE: Upload with recent patches will happen soon.
   NOTE: Still many open duplicates, currently triaging.
-  NOTE: temporary entry contains two different issues, one is CVE-2018-19502
+  NOTE: Requested CVE number for temporary entry.
 --
 freeimage
   NOTE: Maintainer will take care of the update.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51fbc02e6b520d49495bde31b82b329439959beb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51fbc02e6b520d49495bde31b82b329439959beb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190820/bd2cf1d4/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list