[Git][security-tracker-team/security-tracker][master] CVE-2019-13225,libonig: Jessie is not affected.
Markus Koschany
apo at debian.org
Wed Jul 17 02:23:42 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b21461ae by Markus Koschany at 2019-07-17T00:42:14Z
CVE-2019-13225,libonig: Jessie is not affected.
The vulnerable code was introduced later. This was confirmed by upstream in
https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c#commitcomment-34298393
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1893,6 +1893,7 @@ CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguru
- libonig 6.9.2-1 (low; bug #931878)
[buster] - libonig <no-dsa> (Minor issue)
[stretch] - libonig <no-dsa> (Minor issue)
+ [jessie] - libonig <not-affected> (vulnerable code was introduced later)
NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
- libonig 6.9.2-1 (low; bug #931878)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b21461aee2a89ffd1988e8aa314342adc72ae097
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b21461aee2a89ffd1988e8aa314342adc72ae097
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190717/d2b24827/attachment.html>
More information about the debian-security-tracker-commits
mailing list