[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-14493/opencv

Salvatore Bonaccorso carnil at debian.org
Mon Sep 23 16:52:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf2b1317 by Salvatore Bonaccorso at 2019-09-23T15:50:44Z
Update information on CVE-2019-14493/opencv

The issue has been fixed in upstream 4.1.1, but it's not 100% clear if
the issue affects as well the 3.x series. Similar code is present in
3.2.0+dfsg-6 in modules/core/src/persistence.cpp but the check might be
present there, not having fully checked through the code.

There was a refactoring later upstream, and the issue might have only
been present in this case in the 4.x series.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6221,8 +6221,13 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
 CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
+	[experimental] - opencv 4.1.1+dfsg-1
 	- opencv <unfixed>
 	NOTE: https://github.com/opencv/opencv/issues/15127
+	NOTE: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
+	NOTE: In older versions of opencv missing NULL pointer check(s) are in
+	NOTE: modules/core/src/persistence.cpp (before refactoring).
+	TODO: check if the old code though is really affected, might been introduced with the refactoring
 CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
 	- opencv <unfixed>
 	NOTE: https://github.com/opencv/opencv/issues/15124
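
Review bot: The two added NOTE lines under CVE-2019-14493 state that older opencv versions have missing NULL pointer check(s) in modules/core/src/persistence.cpp, while the TODO directly below them says it is still unverified whether the old code is affected at all. Consider wording the NOTE as the location of the corresponding pre-refactoring code rather than as a confirmed missing check, so that the entry does not read as a confirmed finding for the "- opencv <unfixed>" line until the TODO is resolved. The TODO line also has a small wording slip: "might been introduced" should read "might have been introduced".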



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cf2b1317f598c4054879b21f8cbe83b2f0e62cc2
