[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2019-14576, CVE-2019-14564 & CVE-2019-14560 in edk2 for jessie LTS.

Tue Feb 11 09:18:47 GMT 2020


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d2e5d6e by Chris Lamb at 2020-02-11T09:11:54+00:00
Triage CVE-2019-14576, CVE-2019-14564 & CVE-2019-14560 in edk2 for jessie LTS.

- - - - -
8dbca95d by Chris Lamb at 2020-02-11T09:18:13+00:00
data/dla-needed.txt: Triage qtbase-opensource-src for jessie LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -34571,6 +34571,7 @@ CVE-2019-14576
 CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx signature check]
 	RESERVED
 	- edk2 <unfixed>
+	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
 CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
 	NOT-FOR-US: Intel Windows graphics driver
@@ -34597,6 +34598,7 @@ CVE-2019-14564
 CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
 	RESERVED
 	- edk2 <unfixed>
+	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
 CVE-2019-14562
@@ -34608,6 +34610,7 @@ CVE-2019-14560
 CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
 	RESERVED
 	- edk2 <unfixed>
+	[jessie] - edk2 <end-of-life> (non-free)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
 CVE-2019-14558
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -74,6 +74,8 @@ python3.4 (Roberto C. Sánchez)
 qemu (Utkarsh Gupta)
   NOTE: 20200210: WIP.
 --
+qtbase-opensource-src
+--
 radare2
   NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
   NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5b360fb623bb0826fb2d7276b56befe551940d13...8dbca95d2907f6da00cfc29a747e7f0cb40a8c14

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5b360fb623bb0826fb2d7276b56befe551940d13...8dbca95d2907f6da00cfc29a747e7f0cb40a8c14
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200211/20959fa1/attachment.html>
