[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11745/nss

Sun Nov 24 08:16:59 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a2e1538 by Salvatore Bonaccorso at 2019-11-24T08:16:28Z
Add CVE-2019-11745/nss

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24920,8 +24920,12 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
-CVE-2019-11745
+CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]
 	RESERVED
+	- nss <unfixed>
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
+	NOTE: Upstream patch: https://hg.mozilla.org/releases/mozilla-esr68/rev/ea1bc0fb2dda
+	NOTE: Fixed in 3.44.3 and 3.47.1 upstream.
 CVE-2019-11744 (Some HTML elements, such as &lt;title&gt; and &lt;textarea ...)
 	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
 	- firefox 69.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a2e1538e551e525d0ff904b446d66cc950d7991

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a2e1538e551e525d0ff904b446d66cc950d7991
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191124/8089dd7b/attachment-0001.html>
