[Git][security-tracker-team/security-tracker][master] 7 commits: Add CVE-2018-16890/curl

Wed Feb 6 10:30:29 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a795181 by Salvatore Bonaccorso at 2019-02-06T10:15:21Z
Add CVE-2018-16890/curl

- - - - -
7feb440c by Salvatore Bonaccorso at 2019-02-06T10:16:28Z
Add CVE-2019-3822/curl

- - - - -
8503ef5a by Salvatore Bonaccorso at 2019-02-06T10:17:46Z
Add CVE-2019-3823/curl

- - - - -
93c2033b by Salvatore Bonaccorso at 2019-02-06T10:24:39Z
Add introducing commit for CVE-2018-16890

- - - - -
c2d1c86d by Salvatore Bonaccorso at 2019-02-06T10:25:43Z
Add introducing commit for CVE-2019-3822

- - - - -
8cb97762 by Salvatore Bonaccorso at 2019-02-06T10:26:45Z
Add introducing commit for CVE-2019-3823

- - - - -
e97028fb by Salvatore Bonaccorso at 2019-02-06T10:29:17Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8127,12 +8127,14 @@ CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read]
 	RESERVED
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
-	NOTE: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
+	NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
+	NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
 CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow]
 	RESERVED
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
-	NOTE: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
+	NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
+	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
 CVE-2019-3821
 	RESERVED
 CVE-2019-3820 [partial lock screen bypass]
@@ -25759,7 +25761,8 @@ CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read]
 	RESERVED
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
-	NOTE: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
+	NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
+	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
 CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging for ...)
 	- ceph <unfixed> (low; bug #918969)
 	[stretch] - ceph <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/496d56e65eb3e7d0b32f6c17c67e671961b77f09...e97028fba9694bed83f697347d9d1a03f0f30410

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/496d56e65eb3e7d0b32f6c17c67e671961b77f09...e97028fba9694bed83f697347d9d1a03f0f30410
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190206/99293523/attachment.html>
