[Git][security-tracker-team/security-tracker][master] new qt, tcc issues

Moritz Muehlenhoff jmm at debian.org
Tue Mar 19 22:25:43 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d97c406 by Moritz Muehlenhoff at 2019-03-19T22:25:12Z
new qt, tcc issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -289,7 +289,9 @@ CVE-2019-9756
 CVE-2019-9755
 	RESERVED
 CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
-	TODO: check
+	- tcc <unfixed> (low)
+	[stretch] - tcc <no-dsa> (Minor issue)
+	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
 CVE-2019-9753
 	RESERVED
 CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
@@ -320,7 +322,8 @@ CVE-2019-9748 (In tinysvcmdns through 2018-01-16, an mDNS server processing a cr
 CVE-2019-9747 (In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multica ...)
 	TODO: check
 CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused by the ...)
-	TODO: check
+	NOT-FOR-US: libwebm
+	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2019-9745
 	RESERVED
 CVE-2019-9744
@@ -21216,7 +21219,8 @@ CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a b
 	NOTE: https://codereview.qt-project.org/#/c/238749/
 	NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
 CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...)
-	TODO: check
+	- qtbase-opensource-src 5.11.2+dfsg-3 (low)
+	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
 	- qtimageformats-opensource-src 5.11.3-2 (low)
 	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d97c406f2660291c8e48f353c5cc7bf25ff66d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d97c406f2660291c8e48f353c5cc7bf25ff66d7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190319/3d01fa06/attachment.html>

More information about the debian-security-tracker-commits mailing list