[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2019-8842/cups
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 25 15:55:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
01bede8d by Salvatore Bonaccorso at 2020-04-25T16:53:10+02:00
Add CVE-2019-8842/cups
- - - - -
eed057c1 by Salvatore Bonaccorso at 2020-04-25T16:53:41+02:00
Track fixed version for CVE-2020-3898/cups via unstable
- - - - -
be31e53a by Salvatore Bonaccorso at 2020-04-25T16:55:03+02:00
Track fixed via proposed updates for cups via buster-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21427,7 +21427,7 @@ CVE-2020-3899 (A memory consumption issue was addressed with improved memory han
NOT-FOR-US: Apple
CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
RESERVED
- - cups <unfixed>
+ - cups 2.3.1-12
[buster] - cups <no-dsa> (Minor issue)
[stretch] - cups <no-dsa> (Minor issue)
[jessie] - cups <no-dsa> (Minor issue)
@@ -63452,8 +63452,12 @@ CVE-2019-8844
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8843
RESERVED
-CVE-2019-8842
+CVE-2019-8842 [he `ippReadIO` function may under-read an extension field]
RESERVED
+ - cups 2.3.1-12
+ [buster] - cups <no-dsa> (Minor issue)
+ [stretch] - cups <no-dsa> (Minor issue)
+ TODO: add commit once pushed to the https://github.com/apple/cups repo
CVE-2019-8841
RESERVED
CVE-2019-8840
=====================================
data/next-point-update.txt
=====================================
@@ -91,3 +91,7 @@ CVE-2019-14559
[buster] - edk2 0~20181115.85588389-3+deb10u1
CVE-2019-14575
[buster] - edk2 0~20181115.85588389-3+deb10u1
+CVE-2020-3898
+ [buster] - cups 2.2.10-6+deb10u3
+CVE-2019-8842
+ [buster] - cups 2.2.10-6+deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9582a14a610d32a0e42c1090f80823dc8240af8b...be31e53ac093cad3065373c05418c11a05ac8720
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9582a14a610d32a0e42c1090f80823dc8240af8b...be31e53ac093cad3065373c05418c11a05ac8720
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200425/90ad6979/attachment.html>
More information about the debian-security-tracker-commits
mailing list