[Git][security-tracker-team/security-tracker][master] Add notes on CVE-2019-14249/dwarfutils

Salvatore Bonaccorso carnil at debian.org
Thu Jul 25 16:43:23 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69b2ca98 by Salvatore Bonaccorso at 2019-07-25T15:42:03Z
Add notes on CVE-2019-14249/dwarfutils

Possibly this issue only affects versions after 20190505 where upstream
commit introduced the new code handling in the dwarf_elf_load_headers.c
file which is not present in versions up to the current one in unstable
(20180809-1).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,6 +28,8 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows at
 	- dwarfutils <unfixed> (low)
 	[buster] - dwarfutils <no-dsa> (Minor issue)
 	[stretch] - dwarfutils <no-dsa> (Minor issue)
+	NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
+	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
 CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows  ...)
 	- nasm <unfixed> (unimportant; bug #932907)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b2ca98c9576279022047953e27fce122c2ddad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/69b2ca98c9576279022047953e27fce122c2ddad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190725/8288a5cd/attachment.html>


More information about the debian-security-tracker-commits mailing list