[Git][security-tracker-team/security-tracker][master] Update notes on CVE-2019-3815/systemd

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e13356e by Salvatore Bonaccorso at 2019-01-19T21:50:22Z
Update notes on CVE-2019-3815/systemd

The CVE is affecting specifically our backport of the CVE-2018-16864 fix
for stretch which was based on both upstream's and Red Hat's backport
work for v219.

Details in the regression fix at
https://lists.debian.org/debian-security-announce/2019/msg00008.html .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5783,12 +5783,14 @@ CVE-2019-3817
 	RESERVED
 CVE-2019-3816
 	RESERVED
-CVE-2019-3815
+CVE-2019-3815 [systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864]
 	RESERVED
 	- systemd <not-affected> (This only affected backports to older suites, not the version in sid)
 	[stretch] - systemd 232-25+deb9u8
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815
+	[jessie] - systemd <not-affected> (Broken fix for CVE-2018-16864 not applied)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666690
 	NOTE: For stable it affected DSA-4367-1 and was corrected in DSA-4367-2
+	NOTE: specifically the backport of the fix for CVE-2018-16864.
 CVE-2019-3814
 	RESERVED
 CVE-2019-3813



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e13356ebe28dd61cf418f814688fc5960e10118

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e13356ebe28dd61cf418f814688fc5960e10118
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190119/25706f36/attachment.html>