[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream issue reference for CVE-2018-19519/tcpdump

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
940d928d by Salvatore Bonaccorso at 2019-10-03T21:41:40Z
Add upstream issue reference for CVE-2018-19519/tcpdump

- - - - -
27a22b1b by Salvatore Bonaccorso at 2019-10-03T21:42:42Z
Add Debian bug reference for CVE-2018-16301 and CVE-2019-15165

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5278,7 +5278,7 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
 	- tcpdump <unfixed>
 	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
 CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
-	- libpcap <unfixed>
+	- libpcap <unfixed> (bug #941697)
 	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
 	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
 CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may  ...)
@@ -48461,6 +48461,7 @@ CVE-2018-19520 (An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/con
 	NOT-FOR-US: SDCMS
 CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ...)
 	- tcpdump <unfixed> (unimportant)
+	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763
 	NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-19516
@@ -57451,7 +57452,7 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
 CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
 	NOT-FOR-US: MediaComm Zip-n-Go
 CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer ov ...)
-	- libpcap <unfixed>
+	- libpcap <unfixed> (bug #941697)
 	TODO: check for fixing commit, is adressed in libpcap 1.9.1
 CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
 	- tcpdump <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e48ce603e7cd433f0e7ee7eb4abdff5bb6fb874b...27a22b1bfe5c1c56441c0f2bbf813cdfaaad40a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e48ce603e7cd433f0e7ee7eb4abdff5bb6fb874b...27a22b1bfe5c1c56441c0f2bbf813cdfaaad40a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191003/1f48e96c/attachment.html>