[Git][security-tracker-team/security-tracker][master] Align severity for CVE-2018-19432 with CVE-2018-13139
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 2 10:21:18 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b4e5f5b by Salvatore Bonaccorso at 2019-01-02T10:19:47Z
Align severity for CVE-2018-19432 with CVE-2018-13139
They have the same underlying issue, the -- missing channel number check
in sndfile-deinterleave program, and not a problem in the library.
Both are treated as different vulnerabilities by the MITRE CNA but have
the same fix as committed upstream via
https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
Track both issues in the same way and demote severity of CVE-2018-19432
to unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9907,10 +9907,12 @@ CVE-2018-19433 (ShowDoc 2.4.1 has XSS via the lang parameter because ...)
NOT-FOR-US: ShowDoc
CVE-2018-19432 (An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...)
{DLA-1618-1}
- - libsndfile <unfixed> (low; bug #914381)
- [stretch] - libsndfile <no-dsa> (Minor issue)
+ - libsndfile <unfixed> (unimportant; bug #914381)
NOTE: https://github.com/erikd/libsndfile/issues/427
- NOTE: most likely a duplicate of CVE-2018-13139
+ NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
+ NOTE: Similar underlying issue as CVE-2018-13139 but not considered a duplicate.
+ NOTE: Missing channel number check in sndfile-deinterleave program, not a
+ NOTE: security issue in the library.
CVE-2018-19431
RESERVED
CVE-2018-19430
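Review bot: the added NOTE "Similar underlying issue as CVE-2018-13139 but not considered a duplicate." is weaker than the commit message, which says both CVEs have the same underlying issue and the same upstream fix. Consider wording it as "Same underlying issue and upstream fix as CVE-2018-13139, assigned separately by MITRE" so the reason for the "unimportant" rating can be read from the entry alone. This hunk only touches CVE-2018-19432, so it is also worth confirming that the CVE-2018-13139 entry carries the same commit NOTE and the same "unimportant" marking, since the stated goal is to track both in the same way. The entry keeps {DLA-1618-1} while the "[stretch] ... <no-dsa> (Minor issue)" line is dropped; that is consistent with the demotion, but a short mention in the commit message would explain why the per-release line went away.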
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b4e5f5b996f4954c585bbfa226d3124c6a0fe2a