[Git][security-tracker-team/security-tracker][master] Reassign CVE-2019-13615 to libebml library

Salvatore Bonaccorso carnil at debian.org
Wed Jul 24 15:46:16 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d51f289 by Salvatore Bonaccorso at 2019-07-24T14:44:44Z
Reassign CVE-2019-13615 to libebml library

Further investigation upstream showed that the underlying issue is to be
found in the libebml library itself. Reassign in terms of tracking of
source package to the src:libebml library.

Upstream 1.3.6 fixed the issue, but the current bug discussion does not
give details on the exact change.

Contacted MITRE to reformulate the assignment as the issue is in
libebml.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1308,11 +1308,11 @@ CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.
 	- libsdl1.2 <unfixed>
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
 CVE-2019-13615 (VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in ...)
-	- vlc <unfixed> (bug #932241)
-	[buster] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
-	[stretch] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
-	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
+	- libebml 1.3.6-1 (bug #932241)
 	NOTE: https://trac.videolan.org/vlc/ticket/22474
+	NOTE: Issue was originally reported to vlc project, but the underlying issue is
+	NOTE: found in the libebml library, fixed upstream in 1.3.6. No information on
+	NOTE: details.
 CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link ...)
 	NOT-FOR-US: TP-Link
 CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
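Review bot: The new `- libebml 1.3.6-1 (bug #932241)` line reuses the bug number that the removed line listed against vlc, so it is worth confirming that #932241 has been reassigned to src:libebml; otherwise the tracker entry and the BTS will point at different source packages. The removed `[buster]`, `[stretch]` and `[jessie]` lines are also not replaced by any per-release status for libebml, so the triage for those suites should be added once assessed. Since the added NOTE lines state that there is no information on the exact change, the fixed version rests on the upstream release number alone; a follow-up NOTE with the fixing commit, once identified, would let the stable suites be checked against the actual patch.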



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d51f28931a30a77b01f3c21df32fb6406915f03
