[Git][security-tracker-team/security-tracker][master] new libvpx issues

Moritz Muehlenhoff jmm at debian.org
Mon Nov 11 11:11:39 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57833575 by Moritz Muehlenhoff at 2019-11-11T11:09:05Z
new libvpx issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31452,7 +31452,8 @@ CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a mis
 CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android
 CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper  ...)
-	TODO: check
+	- libvpx 1.8.1-2
+	NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
 CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...)
 	NOT-FOR-US: Android
 CVE-2019-9431 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
@@ -31576,7 +31577,13 @@ CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization
 CVE-2019-9372 (In libskia, there is a possible crash due to a missing null check. Thi ...)
 	TODO: check
 CVE-2019-9371 (In libvpx, there is a possible resource exhaustion due to improper inp ...)
-	TODO: check
+	- libvpx 1.8.1-2
+	NOTE: Commits in libwebm:
+	NOTE: https://chromium.googlesource.com/webm/libwebm/+/027a472efe49ff3a24be619442d2150658dbaaa0
+	NOTE: https://chromium.googlesource.com/webm/libwebm/+/cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
+	NOTE: Sync to libvpx via:
+	NOTE: https://github.com/webmproject/libvpx/commit/34d54b04e98dd0bac32e9aab0fbda0bf501bc742
+	NOTE: https://github.com/webmproject/libvpx/commit/f00890eecdf8365ea125ac16769a83aa6b68792d
 CVE-2019-9370 (In sonivox, there is a possible out of bounds read due to an incorrect ...)
 	NOT-FOR-US: Android
 CVE-2019-9369 (In Bluetooth, there is a use of uninitialized variable. This could lea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/578335759e355a7f741d195a7388706ebb58eac8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/578335759e355a7f741d195a7388706ebb58eac8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191111/c3eeeffd/attachment.html>

More information about the debian-security-tracker-commits mailing list