[Git][security-tracker-team/security-tracker][master] CVE-2019-8904+CVE-2019-8906 are not in file in jessie+stretch

Adrian Bunk bunk at debian.org
Thu Feb 28 18:57:38 GMT 2019 

Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7123894 by Adrian Bunk at 2019-02-28T18:57:25Z
CVE-2019-8904+CVE-2019-8906 are not in file in jessie+stretch

Introduced by upstream commit 0ac0678c52
(Print more info about NetBSD core files.)
and commit 76c55eae2
(Print the Go Build-ID like we do for other elf binaries).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -881,6 +881,8 @@ CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remot
 	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
 CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an ...)
 	- file <unfixed> (bug #922969)
+	[jessie] - file <not-affected> (vulnerable code introduced later)
+	[stretch] - file <not-affected> (vulnerable code introduced later)
 	NOTE: https://bugs.astron.com/view.php?id=64
 	NOTE: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
 CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
@@ -889,6 +891,8 @@ CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-
 	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
 CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
 	- file <unfixed> (bug #922967)
+	[jessie] - file <not-affected> (vulnerable code introduced later)
+	[stretch] - file <not-affected> (vulnerable code introduced later)
 	NOTE: https://bugs.astron.com/view.php?id=62
 	NOTE: https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55
 CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e71238942c8755c3d0031aa164eb526d49c7ea80
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190228/9e04e4ff/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list