[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-8375 and CVE-2017-17821
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 7 20:28:13 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ef551fe by Salvatore Bonaccorso at 2019-09-07T19:27:10Z
Update information on CVE-2019-8375 and CVE-2017-17821
According the triage from Berto in
https://lists.debian.org/debian-security-tracker/2019/09/msg00002.html
those are fixed in 2.23.90 and 2.21.3. Marking those as fixed with the
first version in unstable following those and including the fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23257,7 +23257,7 @@ CVE-2019-8376 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer derefe
NOTE: https://github.com/appneta/tcpreplay/issues/537
NOTE: Crash in a CLI tool, no security impact
CVE-2019-8375 (The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.9 ...)
- - webkit2gtk <unfixed> (unimportant)
+ - webkit2gtk 2.24.1-1 (unimportant)
NOTE: https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
NOTE: https://trac.webkit.org/changeset/241515/webkit
NOTE: https://www.inputzero.io/2019/02/fuzzing-webkit.html
@@ -89657,7 +89657,7 @@ CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to SQL
CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via ...)
- piwigo <removed>
CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...)
- - webkit2gtk <unfixed> (unimportant)
+ - webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=181020 (not public)
NOTE: Not covered by security support
CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_l ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef551fe67fd78b72be4ee3ebd30ae1ab1c1dfc3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef551fe67fd78b72be4ee3ebd30ae1ab1c1dfc3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190907/aec82cf2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list