[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-1010004

Salvatore Bonaccorso carnil at debian.org
Mon Jul 15 18:30:13 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0ed0530 by Salvatore Bonaccorso at 2019-07-15T17:29:22Z
Update information on CVE-2019-1010004

Although fixed with the same commit, it is considered distinct but
overlapping with CVE-2017-18189. Thus track separately.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10234,7 +10234,9 @@ CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: D
 CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...)
 	NOT-FOR-US: HexoEditor
 CVE-2019-1010004 (SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds  ...)
-	NOT-FOR-US: Duplicate of CVE-2017-18189, should be rejected
+	- sox 14.4.2-2 (bug #881121)
+	[stretch] - sox <no-dsa> (Minor issue)
+	NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
 CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
 	NOT-FOR-US: Leanote
 CVE-2019-1010002
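
Review bot: the three lines added under CVE-2019-1010004 do not record the relationship to CVE-2017-18189 that the commit message relies on. The removed line called this entry a duplicate, so a later triager who sees the same fixing commit associated with both ids could mark it as a duplicate again. Consider one more NOTE line stating that the fix is shared with CVE-2017-18189 and that the two ids are tracked as distinct but overlapping.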


=====================================
data/DLA/list
=====================================
@@ -487,7 +487,7 @@
 	{CVE-2018-14662 CVE-2018-16846}
 	[jessie] - ceph 0.80.7-2+deb8u3
 [28 Feb 2019] DLA-1695-1 sox - security update
-	{CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189}
+	{CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 CVE-2019-1010004}
 	[jessie] - sox 14.4.1-5+deb8u2
 [28 Feb 2019] DLA-1694-1 qemu - security update
 	{CVE-2018-12617 CVE-2018-16872 CVE-2019-6778}
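
Review bot: adding CVE-2019-1010004 to the DLA-1695-1 line asserts that the jessie upload "sox 14.4.1-5+deb8u2" contains the fix, and the only visible basis is the commit message's statement that it shares a commit with CVE-2017-18189. It would help to confirm that the patch shipped in that upload corresponds to the upstream commit referenced in the data/CVE/list NOTE, and to say so in the commit message.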
@@ -1991,7 +1991,7 @@
 	{CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922}
 	[wheezy] - libextractor 1:0.6.3-5+deb7u1
 [30 Nov 2017] DLA-1197-1 sox - security update
-	{CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189}
+	{CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 CVE-2019-1010004}
 	[wheezy] - sox 14.4.0-3+deb7u2
 [30 Nov 2017] DLA-1196-1 optipng - security update
 	{CVE-2017-16938}
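
Review bot: the retroactive addition on the DLA-1197-1 line (30 Nov 2017, "[wheezy] - sox 14.4.0-3+deb7u2") is not mentioned in the commit message, which only explains the data/CVE/list change. Suggest one sentence there stating that both sox DLAs are amended because they already list CVE-2017-18189, so the data/DLA/list edits are not read as unrelated to the stated reason.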



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0ed0530e06a3f9eee40132ac9c12844944a8050
