[Git][security-tracker-team/security-tracker][master] Update CVE-2019-3883/389-ds-base information on fix
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 11 20:31:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14696a89 by Salvatore Bonaccorso at 2019-09-11T19:28:06Z
Update CVE-2019-3883/389-ds-base information on fix
Furthermore the original fix was causing regressions so it was reverted
and new fixed applied.
DLA-1779-1 seems to contain the original patch only which was reverted,
so this might need to be double-checked for 389-ds-base in jessie.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34397,12 +34397,20 @@ CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of ato
NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...)
{DLA-1779-1}
- - 389-ds-base <unfixed> (bug #927939)
+ - 389-ds-base 1.4.1.5-1 (bug #927939)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
NOTE: https://pagure.io/389-ds-base/issue/50329
NOTE: https://pagure.io/389-ds-base/c/4d9cc24da (master)
NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
+ NOTE: Patch was applied upstream but then reverted again, as it introduces
+ NOTE: regressions:
+ NOTE: https://pagure.io/389-ds-base/c/f35ad37100ab5915445d6d37f8921dd46f83656e
+ NOTE: Fixed properly via:
+ NOTE: https://pagure.io/389-ds-base/pull-request/50398
+ NOTE: https://pagure.io/389-ds-base/c/f20e982c68a700b5ba2c41e5b6f3cdeb5fcb5fab (389-ds-base-1.4.1.4)
+ NOTE: https://pagure.io/389-ds-base/c/7b0e7f6f51f6a117f6a40aa3967cad656eafb811 (389-ds-base-1.4.0.24)
+ NOTE: https://pagure.io/389-ds-base/c/33ac4f5a78d1a42385d1c011d88cef26771e99f5 (389-ds-base-1.3.9 branch)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
{DSA-4497-1 DLA-1885-1 DLA-1799-1}
- linux 4.19.37-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14696a899ba86bea6058f858d6b59d7564c3027a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14696a899ba86bea6058f858d6b59d7564c3027a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190911/9a7541a9/attachment.html>
More information about the debian-security-tracker-commits
mailing list