[Git][security-tracker-team/security-tracker][master] CVE-2019-773{2,3}/liblivemedia: no-dsa in jessie

Hugo Lefeuvre hle at debian.org
Sat May 11 17:55:52 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f8ccc52 by Hugo Lefeuvre at 2019-05-11T16:55:35Z
CVE-2019-773{2,3}/liblivemedia: no-dsa in jessie

Fuzzing noise, both issues are very unlikely to be exploited in
practice, with rather low impact. It is not even sure that upstream
will ever fix them.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10717,10 +10717,12 @@ CVE-2019-7734
 CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a C ...)
 	- liblivemedia <unfixed> (low)
 	[stretch] - liblivemedia <no-dsa> (Minor issue)
+	[jessie] - liblivemedia <no-dsa> (Minor issue)
 	NOTE: https://github.com/rgaufman/live555/issues/21
 CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...)
 	- liblivemedia <unfixed> (low)
 	[stretch] - liblivemedia <no-dsa> (Minor issue)
+	[jessie] - liblivemedia <no-dsa> (Minor issue, unlikely to be exploited in practice)
 	NOTE: https://github.com/rgaufman/live555/issues/20
 CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an  ...)
 	NOT-FOR-US: MyWebSQL


=====================================
data/dla-needed.txt
=====================================
@@ -58,12 +58,6 @@ libav
   NOTE: 20190401: has been found, so far. If you pick libav, be prepared to work
   NOTE: 20190401: out patches yourself.
 --
-liblivemedia (Hugo Lefeuvre)
-  NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle
-  NOTE: 20190502: not sure upstream was aware of them, contacted them via live555 ML.
-  NOTE: 20190511: my message on the ML is (still!) awaiting moderation, so I continue
-  NOTE: to doubt that they are aware of these CVEs.
---
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
   NOTE: triage work needed, help security team for fixes if needed.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f8ccc520971452b225e098a6cfd7d411fc1ec47

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f8ccc520971452b225e098a6cfd7d411fc1ec47
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190511/dc1c6097/attachment.html>

More information about the debian-security-tracker-commits mailing list