[Git][security-tracker-team/security-tracker][master] Track CVE-2019-5439 for vlc issue

Salvatore Bonaccorso carnil at debian.org
Thu Jun 13 20:19:54 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d06cee42 by Salvatore Bonaccorso at 2019-06-13T19:19:24Z
Track CVE-2019-5439 for vlc issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,10 +58,9 @@ CVE-2019-12781
 	RESERVED
 CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
 	NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
-CVE-2019-XXXX [security issues fixed in vlc 3.0.7]
+CVE-2019-5439 [Buffer overflow in libavi_plugin memmove() call]
 	- vlc 3.0.7-1 (bug #930276)
-	[stretch] - vlc 3.0.7-0+deb9u1
-	NOTE: Workaround entry for DSA-4459-1 (until CVEs assigned)
+	NOTE: https://hackerone.com/reports/484398
 	NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
 CVE-2019-12779 (libqb before 1.0.5 allows local users to overwrite arbitrary files via ...)
 	- libqb 1.0.4-1 (bug #927159)
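Review bot: The retitled `+CVE-2019-5439` line describes a single memmove() overflow in libavi_plugin, while the placeholder it replaces was titled "security issues fixed in vlc 3.0.7" (plural), and the jbkempf.com NOTE for the whole 3.0.7 release is kept. If 3.0.7 fixed further issues that have no id yet, keep a separate CVE-2019-XXXX placeholder for them, or add a NOTE stating that this is the only issue to track, so nothing drops out of tracking. With the `[stretch] - vlc 3.0.7-0+deb9u1` line removed here, the stretch fixed version is recorded only under DSA-4459-1 in data/DSA/list, so this hunk should not be applied without the `{CVE-2019-5439}` cross-reference added there.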
@@ -19212,8 +19211,6 @@ CVE-2019-5441
 	REJECTED
 CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
 	NOT-FOR-US: Revive Adserver
-CVE-2019-5439
-	RESERVED
 CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
 	NOT-FOR-US: npm harp module
 CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
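Review bot: Deleting the RESERVED stub at this position leaves CVE-2019-5439 only where the old placeholder sat in the first hunk, between CVE-2019-12780 and CVE-2019-12779, which breaks the descending id order that both visible parts of the list follow (12781, 12780, 12779 and 5441, 5440, 5438, 5437). Suggest keeping the entry here, replacing `RESERVED` with the description, the `- vlc 3.0.7-1 (bug #930276)` line and the two NOTE lines, and removing the CVE-2019-XXXX placeholder at the top instead.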


=====================================
data/DSA/list
=====================================
@@ -5,6 +5,7 @@
 	{CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 CVE-2019-12473 CVE-2019-12474}
 	[stretch] - mediawiki 1:1.27.7-1~deb9u1
 [12 Jun 2019] DSA-4459-1 vlc - security update
+	{CVE-2019-5439}
 	[stretch] - vlc 3.0.7-0+deb9u1
 [08 Jun 2019] DSA-4458-1 cyrus-imapd - security update
 	{CVE-2019-11356}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d06cee4218ad1757839aeb50e6096e6bd722de5b
