[Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2019-7638: reference to upstream vcs commits

Salvatore Bonaccorso carnil at debian.org
Wed Mar 13 18:42:42 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c188357f by Salvatore Bonaccorso at 2019-03-13T18:22:34Z
CVE-2019-7638: reference to upstream vcs commits

- - - - -
4c945545 by Salvatore Bonaccorso at 2019-03-13T18:23:37Z
CVE-2019-7637: Patch yet proposed

- - - - -
a83f27f7 by Salvatore Bonaccorso at 2019-03-13T18:26:23Z
CVE-2019-7636: sync notes

- - - - -
00a6293d by Salvatore Bonaccorso at 2019-03-13T18:34:20Z
Add prefix patch notes rechecking upstream status

As patchsets not yet accepted upstream make a note on proposal status
and review once committed upstream (replacing commit ids).

- - - - -
a2868b63 by Salvatore Bonaccorso at 2019-03-13T18:41:32Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
 CVE-2019-9739
 	RESERVED
 CVE-2019-9738 (jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED ...)
-	TODO: check
+	NOT-FOR-US: jimmykuu Gopher
 CVE-2019-9737 (Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED ...)
-	TODO: check
+	NOT-FOR-US: pandao Editor.md
 CVE-2019-9736 (DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving ...)
 	TODO: check
 CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenStack ...)
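Review bot: CVE-2019-9736, directly below the two entries processed here, is left at `TODO: check` although its description is another DOM-based XSS in a Markdown tool (1024Tools Markdown), the same kind of entry as the two just marked NOT-FOR-US. If it was skipped on purpose because the product still needs a lookup, fine; otherwise triage it in the same pass so the three neighbouring entries do not end up in different states.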
@@ -4805,30 +4805,31 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3631
+	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
+	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
 CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3630
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3630
 CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
-	NOTE: For 1.2 https://hg.libsdl.org/SDL/rev/19d8c3b9c251
-	NOTE: For libsdl2 https://hg.libsdl.org/SDL/rev/07c39cbbeacf
+	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
+	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
 CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3637
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3645
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3637
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3645
 CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for ...)
 	NOT-FOR-US: BoKS
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
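Review bot: in the CVE-2019-7638 and CVE-2019-7636 entries the second commit note (`rev/07c39cbbeacf`) has no branch label, while the first is tagged `(SDL-1.2)`. The removed CVE-2019-7636 lines said `For libsdl2` explicitly; in the new form a reader has to infer that the unlabelled commit is the libsdl2 one. Suggest a matching suffix on the second line. Both CVEs also now point at the same pair of commits, so a short NOTE saying that one upstream commit per branch covers both would show this is intended and not a copy-paste slip.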
@@ -4956,21 +4957,22 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623
 CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3608
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3694
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3608
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3694
 CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
+	NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
 	NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
 CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
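Review bot: the line added for CVE-2019-7576 uses `bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff`, whereas every other proposed-patch note in this hunk uses the `bugzilla-attachments.libsdl.org/attachment.cgi?id=...` form. The commit message says these notes are to be rechecked and replaced by commit ids once upstream accepts the patches, so a single URL form makes them easier to find in one search. Suggest the same host without `action=diff`, unless the diff view is wanted deliberately.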
@@ -4978,29 +4980,29 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3609
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3609
 CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
 CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3620
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3620
 CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has ...)
 	- libsdl1.2 <unfixed>
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
 	- libsdl2 <unfixed>
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3612
-	NOTE: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3618
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3612
+	NOTE: Proposed patch: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3618
 CVE-2019-7571
 	RESERVED
 CVE-2019-7570 (A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users ...)
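Review bot: for CVE-2019-7572 the two `Proposed patch:` lines (attachments 3612 and 3618) do not say how they relate: two revisions of one fix, separate patches per SDL branch, or parts that must both be applied. Anyone backporting from these notes before upstream commits exist needs to know which. Suggest a per-line suffix in the style of the `(SDL-1.2)` tag used on the hg commit notes earlier in this push, or a one-line NOTE.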



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a31404493cee6ce805011d1a65aa301031e17980...a2868b630e28938464b482420628700134ef8446
