[Git][security-tracker-team/security-tracker][master] Add fixed version for glibc via unstable for three CVEs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 5 19:48:27 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bcfed6f by Salvatore Bonaccorso at 2019-02-05T19:48:14Z
Add fixed version for glibc via unstable for three CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -303,7 +303,7 @@ CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integ
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b54e1fc3e0d2600621a28d50f9f085b9e38619c2
 CVE-2019-7309 (In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp ...)
-	- glibc <unfixed> (unimportant)
+	- glibc 2.28-6 (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24155
 	NOTE: https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
 	NOTE: x32 not officially supported
@@ -2119,7 +2119,7 @@ CVE-2019-6501 [scsi-generic: possible OOB access while handling inquiry request]
 	NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
 	NOTE: but but the overflow was already possible before.
 CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo ...)
-	- glibc <unfixed> (bug #920047)
+	- glibc 2.28-6 (bug #920047)
 	[stretch] - glibc <no-dsa> (Minor issue)
 	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
@@ -2163,7 +2163,7 @@ CVE-2018-20737
 CVE-2018-20736
 	RESERVED
 CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) through ...)
-	- glibc <unfixed> (unimportant)
+	- glibc 2.28-6 (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
 	NOTE: x32 not officially supported
 CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bcfed6f385367de6cf0c48b0a63d222e243165f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bcfed6f385367de6cf0c48b0a63d222e243165f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190205/a12f4496/attachment.html>

More information about the debian-security-tracker-commits mailing list