[Git][security-tracker-team/security-tracker][master] Add CVE-2017-12839/mpg123, older issue in mpg123
Salvatore Bonaccorso
carnil at debian.org
Sat May 11 12:42:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37c6cd43 by Salvatore Bonaccorso at 2019-05-11T11:41:41Z
Add CVE-2017-12839/mpg123, older issue in mpg123
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -98964,7 +98964,9 @@ CVE-2017-12841
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...)
NOTE: DESLock+
CVE-2017-12839 (A heap-based buffer over-read in the getbits function in src/libmpg123 ...)
- TODO: check
+ - mpg123 1.25.6-1
+ NOTE: https://sourceforge.net/p/mpg123/bugs/255/
+ NOTE: https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
NOT-FOR-US: NexusPHP
CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37c6cd4385f0a8d126c5244922819e3b6c520190
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37c6cd4385f0a8d126c5244922819e3b6c520190
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190511/280c7dbd/attachment.html>
More information about the debian-security-tracker-commits
mailing list