[Git][security-tracker-team/security-tracker][master] 2 commits: Reference commit for CVE-2018-6952/patch
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 25 20:26:20 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b3c0cf3 by Salvatore Bonaccorso at 2020-03-25T21:23:11+01:00
Reference commit for CVE-2018-6952/patch
- - - - -
4601ac6c by Salvatore Bonaccorso at 2020-03-25T21:25:43+01:00
Add information on CVE-2019-20633/patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,8 @@ CVE-2020-10944
CVE-2020-10943
RESERVED
CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...)
- TODO: check
+ - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
+ NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
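Review bot: The new `<not-affected>` line for CVE-2019-20633 gives "Incomplete fix for CVE-2018-6952 not applied" as the reason, but the entry does not say which upstream commit that incomplete fix is. The commit URL is recorded only under CVE-2018-6952 further down the file. Consider adding a NOTE with the patch.git commit link to this entry as well, so that anyone re-checking the not-affected status against a package version can do so from this entry alone.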
@@ -116793,6 +116794,9 @@ CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a cer
CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patc ...)
- patch <unfixed> (unimportant)
NOTE: https://savannah.gnu.org/bugs/index.php?53133
+ NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
+ NOTE: When fixing this issue make sure to not apply only the incomplete fix,
+ NOTE: and opening CVE-2019-20633, cf. https://savannah.gnu.org/bugs/index.php?56683
NOTE: Crash in CLI tool, no security impact
CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a segment ...)
- patch <unfixed> (unimportant)
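Review bot: The added commit NOTE under CVE-2018-6952 is not labelled, so it is unclear from the entry whether 9c986353 is the complete fix or the incomplete one that the next two NOTE lines warn about. A reader backporting from this entry could pick it up as the fix. Say which it is on the same line as the URL. The wording "make sure to not apply only the incomplete fix, and opening CVE-2019-20633" is also hard to parse; something like "do not apply only the incomplete fix, as that opens CVE-2019-20633" states the dependency directly.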
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3ee8543e83f7baebae81a07d4d22896d3370763f...4601ac6c34ec83846a1c509338afe7cdf23f6f84