[Git][security-tracker-team/security-tracker][master] Add new busybox issue CVE-2018-20679
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 9 20:26:06 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b01f43e by Salvatore Bonaccorso at 2019-01-09T20:24:21Z
Add new busybox issue CVE-2018-20679
There is as well CVE-2019-5747 which got assigned for an initial
incomplete fix for CVE-2018-20679. Thus not affecting any released
version in Debian.
When fixing CVE-2018-20679 it is just important to apply the complete
fix to not open up CVE-2019-5747 itself.
Add respective notes to the CVE-2018-20679 entry.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,9 @@ CVE-2019-5749
CVE-2019-5748 (In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might ...)
TODO: check
CVE-2019-5747 (An issue was discovered in BusyBox through 1.30.0. An out of bounds ...)
- TODO: check
+ - busybox <not-affected> (Incomplete fix for CVE-2018-20679 not applied)
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
+ NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
CVE-2019-5746
RESERVED
CVE-2019-5745
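Review bot: The <not-affected> reason on the new busybox line for CVE-2019-5747 depends on a commit this entry never names. It says the incomplete fix for CVE-2018-20679 was not applied, but the two NOTE lines only give the upstream bug and the followup commit 74d9f1ba37010face4bd1449df4d60dd84450b06. Consider adding a NOTE with the commit that introduced the issue (6d3b4bb24da9a07c263f3c1acf8df85382ff562c, as listed under CVE-2018-20679), so that anyone reading this entry alone can check that a given busybox source does not carry the partial fix.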
@@ -35,7 +37,13 @@ CVE-2019-5737
CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...)
TODO: check
CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...)
- TODO: check
+ - busybox <unfixed>
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
+ NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
+ NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
+ NOTE: applying the partial fix. The followup commit
+ NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
+ NOTE: is needed to fix the issue completely.
CVE-2018-20678
RESERVED
CVE-2019-5736
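Review bot: The warning under CVE-2018-20679 is one sentence split across four NOTE lines with the followup commit URL on a line of its own, and the first commit URL is not marked as the partial fix. A search for either commit id therefore returns a line with no indication of its role. Consider labelling each commit on its own line, for example "NOTE: Partial fix: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c" and "NOTE: Followup needed (CVE-2019-5747): https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06", and keeping the prose warning as a separate NOTE.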
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b01f43e34481dd27e09eb166a794a707c5e9d6c