[Git][security-tracker-team/security-tracker][master] Track fixes for various CVEs for libsndfile via unstable
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 12 21:13:41 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
800f4614 by Salvatore Bonaccorso at 2019-02-12T21:13:11Z
Track fixes for various CVEs for libsndfile via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16358,7 +16358,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
TODO: check
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
{DLA-1632-1}
- - libsndfile <unfixed> (bug #917416)
+ - libsndfile 1.0.28-5 (bug #917416)
[stretch] - libsndfile <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
NOTE: https://github.com/erikd/libsndfile/issues/435
@@ -16570,14 +16570,14 @@ CVE-2018-19663
RESERVED
CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low)
+ - libsndfile 1.0.28-5 (low)
[stretch] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/429
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low)
+ - libsndfile 1.0.28-5 (low)
[stretch] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/429
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
@@ -70063,7 +70063,7 @@ CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to
NOTE: https://github.com/kubernetes/kubernetes/issues/60813
CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low; bug #884735)
+ - libsndfile 1.0.28-5 (low; bug #884735)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/344
@@ -70071,7 +70071,7 @@ CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 m
NOTE: Might be a duplicate of CVE-2017-14245/CVE-2017-14246
CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low; bug #884735)
+ - libsndfile 1.0.28-5 (low; bug #884735)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/344
@@ -81678,7 +81678,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord
NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...)
{DLA-1618-1}
- - libsndfile <unfixed> (bug #876783)
+ - libsndfile 1.0.28-5 (bug #876783)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/318
@@ -82840,14 +82840,14 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low; bug #876682)
+ - libsndfile 1.0.28-5 (low; bug #876682)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/317
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low; bug #876682)
+ - libsndfile 1.0.28-5 (low; bug #876682)
[stretch] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/317
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/800f46145be0f8ef0b7c693e83fe2530274a091e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/800f46145be0f8ef0b7c693e83fe2530274a091e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/64a25a51/attachment.html>
More information about the debian-security-tracker-commits
mailing list