[Git][security-tracker-team/security-tracker][master] 3 commits: these will be fixed

[Thorsten Alteholz]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3de037f8 by Thorsten Alteholz at 2019-11-27T21:35:31Z
these will be fixed

- - - - -
03db6173 by Thorsten Alteholz at 2019-11-27T21:35:32Z
this is issue #2335 which is fixed by a different commit

- - - - -
732e76b5 by Thorsten Alteholz at 2019-11-27T21:36:08Z
Reserve DLA-2013-1 for libvorbis

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -82958,7 +82958,6 @@ CVE-2018-10394
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -82966,11 +82965,9 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
-	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
-	NOTE: Same patch as for CVE-2017-14160
+	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
 CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-10390
@@ -122108,7 +122105,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2019] DLA-2013-1 libvorbis - security update
+	{CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+	[jessie] - libvorbis 1.3.4-2+deb8u2
 [26 Nov 2019] DLA-2012-1 libvpx - security update
 	{CVE-2019-9232 CVE-2019-9433}
 	[jessie] - libvpx 1.3.0-3+deb8u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab6a186cf0f14143a07577eee96352e52946d0e9...732e76b555ff1e8194205d1e1b989f9000c60348

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab6a186cf0f14143a07577eee96352e52946d0e9...732e76b555ff1e8194205d1e1b989f9000c60348
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191127/c3671abc/attachment.html>