[Git][security-tracker-team/security-tracker][master] 2 commits: Reference upstream commits for the three ticket for CVE-2019-18823

Mon May 25 10:28:16 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42a4a8fb by Salvatore Bonaccorso at 2020-05-25T11:26:33+02:00
Reference upstream commits for the three ticket for CVE-2019-18823

The issue(s) are fixed in 8.8.8 and 8.9.6, so filter out the changes to
for the release notes and build fixes separately covered in the
comparision between 8.8.7 and 8.8.8.

- - - - -
ca3a79aa by Salvatore Bonaccorso at 2020-05-25T11:27:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2020-13437
 	RESERVED
 CVE-2020-13436
@@ -13,7 +13,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCod
 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf  ...)
 	TODO: check
 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
-	TODO: check
+	NOT-FOR-US: Jason2605 AdminPanel
 CVE-2020-13432
 	RESERVED
 CVE-2020-13431
@@ -32570,7 +32570,11 @@ CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
 	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
-	NOTE: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8
+	NOTE: https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14
+	NOTE: https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129
+	NOTE: https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d
+	NOTE: https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716
+	NOTE: https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b
 CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...)
 	NOT-FOR-US: ZOOM Call Recording
 CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2...ca3a79aa6d550b7165b5c030279c9cd5c52d6a40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2...ca3a79aa6d550b7165b5c030279c9cd5c52d6a40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200525/c8f5e602/attachment.html>
