[Git][security-tracker-team/security-tracker][master] adplug fixed in sid

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd9a8acd by Moritz Muehlenhoff at 2020-10-12T20:07:08+02:00
adplug fixed in sid
qemu bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78840,23 +78840,26 @@ CVE-2019-14736
 CVE-2019-14735
 	RESERVED
 CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...)
-	- adplug <unfixed>
+	- adplug 2.3.3+dfsg-2
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/90
+	NOTE: https://github.com/adplug/adplug/commit/8342139c09178823dba3f3bbd8b53d0ea0c72de9
 CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...)
-	- adplug <unfixed>
+	- adplug 2.3.3+dfsg-2
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/89
+	NOTE: https://github.com/adplug/adplug/commit/cb715174f95187bf544c11ca2a2ecd091b7fbb8a (eventually got replaced by rad2.cpp rewrite)
 CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...)
-	- adplug <unfixed>
+	- adplug 2.3.3+dfsg-2
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/88
+	NOTE: https://github.com/adplug/adplug/commit/30ddcfe9bd1cce3e02f8135961bceb411419dbdb
 CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
 	NOT-FOR-US: ZenTao CMS
 CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
@@ -87852,7 +87855,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
 CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
 	RESERVED
-	- qemu <unfixed> (low)
+	- qemu <unfixed> (low; bug #972099)
 	[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
 	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9a8acdaf45361355aaacbc86b04c54e4f8f2c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9a8acdaf45361355aaacbc86b04c54e4f8f2c9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201012/2a9c9b4a/attachment.html>