[Git][security-tracker-team/security-tracker][master] 2 commits: Reference upstream commits for the three tickets for CVE-2019-18823
Salvatore Bonaccorso
carnil at debian.org
Mon May 25 10:28:16 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42a4a8fb by Salvatore Bonaccorso at 2020-05-25T11:26:33+02:00
Reference upstream commits for the three tickets for CVE-2019-18823
The issue(s) are fixed in 8.8.8 and 8.9.6, so filter out the changes
for the release notes and build fixes separately covered in the
comparison between 8.8.7 and 8.8.8.
- - - - -
ca3a79aa by Salvatore Bonaccorso at 2020-05-25T11:27:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13437
RESERVED
CVE-2020-13436
@@ -13,7 +13,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCod
CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...)
TODO: check
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
- TODO: check
+ NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432
RESERVED
CVE-2020-13431
@@ -32570,7 +32570,11 @@ CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
- NOTE: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8
+ NOTE: https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14
+ NOTE: https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129
+ NOTE: https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d
+ NOTE: https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716
+ NOTE: https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b
CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...)
NOT-FOR-US: ZOOM Call Recording
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
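Review bot: the five commit NOTE lines added under CVE-2019-18823 do not say which of the three advisories listed just above them (HTCONDOR-2020-0002, -0003, -0004) each commit fixes, so a backporter has to open all five to find the fix for one ticket. Consider appending the advisory id in parentheses after each commit URL. The commit message also states the fixes landed in 8.8.8 and 8.9.6, but with the V8_8_7...V8_8_8 compare link removed, nothing in these lines records a fixed version any more; if it is not already noted above this hunk, a NOTE line carrying those two versions would keep that information in the tracker entry.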
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2...ca3a79aa6d550b7165b5c030279c9cd5c52d6a40