[Git][security-tracker-team/security-tracker][master] Track fixes for various CVEs for libsndfile via unstable

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
800f4614 by Salvatore Bonaccorso at 2019-02-12T21:13:11Z
Track fixes for various CVEs for libsndfile via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16358,7 +16358,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
 	TODO: check
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
 	{DLA-1632-1}
-	- libsndfile <unfixed> (bug #917416)
+	- libsndfile 1.0.28-5 (bug #917416)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
 	NOTE: https://github.com/erikd/libsndfile/issues/435
@@ -16570,14 +16570,14 @@ CVE-2018-19663
 	RESERVED
 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low)
+	- libsndfile 1.0.28-5 (low)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
 CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low)
+	- libsndfile 1.0.28-5 (low)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/429
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
@@ -70063,7 +70063,7 @@ CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to
 	NOTE: https://github.com/kubernetes/kubernetes/issues/60813
 CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low; bug #884735)
+	- libsndfile 1.0.28-5 (low; bug #884735)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/344
@@ -70071,7 +70071,7 @@ CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 m
 	NOTE: Might be a duplicate of CVE-2017-14245/CVE-2017-14246
 CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low; bug #884735)
+	- libsndfile 1.0.28-5 (low; bug #884735)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/344
@@ -81678,7 +81678,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord
 	NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
 CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (bug #876783)
+	- libsndfile 1.0.28-5 (bug #876783)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/318
@@ -82840,14 +82840,14 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low; bug #876682)
+	- libsndfile 1.0.28-5 (low; bug #876682)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/317
 	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of ...)
 	{DLA-1618-1}
-	- libsndfile <unfixed> (low; bug #876682)
+	- libsndfile 1.0.28-5 (low; bug #876682)
 	[stretch] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/issues/317



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/800f46145be0f8ef0b7c693e83fe2530274a091e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/800f46145be0f8ef0b7c693e83fe2530274a091e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/64a25a51/attachment.html>