[Git][security-tracker-team/security-tracker][master] new picolibc issues fixed in sid
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 10 10:04:24 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b024a6c2 by Moritz Muehlenhoff at 2020-06-10T11:04:00+02:00
new picolibc issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48982,15 +48982,17 @@ CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions p
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected, not yet in the archive
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14877 (In the __mdiff function of the newlib libc library, all versions prior ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14876 (In the __lshift function of the newlib libc library, all versions prio ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
@@ -49010,29 +49012,33 @@ CVE-2019-14874 (In the __i2b function of the newlib libc library, all versions p
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
- - picolibc <unfixed> (unimportant)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14873 (In the __multadd function of the newlib libc library, prior to version ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14872 (The _dtoa_r function of the newlib libc library, prior to version 3.3. ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
- samba 2:4.11.3+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b024a6c2ad239da400c423bede69829ef7f86ec8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b024a6c2ad239da400c423bede69829ef7f86ec8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200610/b7e4bdf6/attachment.html>
More information about the debian-security-tracker-commits
mailing list