[Git][security-tracker-team/security-tracker][master] ncurses fixed
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 24 21:36:52 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6cd7e568 by Moritz Muehlenhoff at 2019-10-24T20:36:20Z
ncurses fixed
libpcap no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2713,14 +2713,14 @@ CVE-2019-17596 [crypto/dsa: invalid public key causes panic in dsa.Verify]
NOTE: https://github.com/golang/go/issues/34962 (1.13 backport)
NOTE: https://github.com/golang/go/issues/34961 (1.12 backport)
CVE-2019-17595 (There is a heap-based buffer over-read in the fmt_entry function in ti ...)
- - ncurses <unfixed> (low; bug #942401)
+ - ncurses 6.1+20191019-1 (low; bug #942401)
[buster] - ncurses <no-dsa> (Minor issue)
[stretch] - ncurses <no-dsa> (Minor issue)
[jessie] - ncurses <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
CVE-2019-17594 (There is a heap-based buffer over-read in the _nc_find_entry function ...)
- - ncurses <unfixed> (low; bug #942401)
+ - ncurses 6.1+20191019-1 (low; bug #942401)
[buster] - ncurses <no-dsa> (Minor issue)
[stretch] - ncurses <no-dsa> (Minor issue)
[jessie] - ncurses <no-dsa> (Minor issue)
@@ -9328,7 +9328,9 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
{DLA-1967-1}
- - libpcap 1.9.1-1 (bug #941697)
+ - libpcap 1.9.1-1 (low; bug #941697)
+ [buster] - libpcap <no-dsa> (Minor issue)
+ [stretch] - libpcap <no-dsa> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6cd7e568603bb806f68ff3055b2f41fb6b604bdf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6cd7e568603bb806f68ff3055b2f41fb6b604bdf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191024/627b3da3/attachment.html>
More information about the debian-security-tracker-commits
mailing list