[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-20052

Salvatore Bonaccorso carnil at debian.org
Tue Jun 30 19:56:14 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf468a66 by Salvatore Bonaccorso at 2020-06-30T20:53:52+02:00
Update information on CVE-2019-20052

If the triage is correct, and the vulnerability never in any Debian
released version then <not-affected> is correct. 1.5.2-3 should not be
used here as this would mean that the issu was fixed with the unstable
upload as 1.5.2-3 done in unstable and affecting earlier versions than
that.

Under above assumption, which seem to match as well upstream's
assessment mark it as not-affected with noting that the vulnerbility was
introduced later.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29429,9 +29429,8 @@ CVE-2019-20053 (An invalid memory address dereference was discovered in the canU
 	NOTE: https://github.com/upx/upx/issues/314
 	NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
 CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 ...)
-	- libmatio 1.5.2-3
+	- libmatio <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/tbeu/matio/issues/131
-	NOTE: Vulnerability was not in any released version
 CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
 	- upx-ucl 3.96-1 (unimportant)
 	NOTE: https://github.com/upx/upx/issues/313



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf468a66053dcce8ad66e08fd9e7768e35c20336

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf468a66053dcce8ad66e08fd9e7768e35c20336
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200630/12f984d1/attachment.html>


More information about the debian-security-tracker-commits mailing list