[Git][security-tracker-team/security-tracker][master] Slightly update information for CVE-2019-10902
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 31 20:05:29 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7243d4a3 by Salvatore Bonaccorso at 2020-10-31T21:02:56+01:00
Slightly update information for CVE-2019-10902
If an issue was only in experimental then we can mark it not-affected
here as we do not count experimental (tracking of experimental is mostly
a helper to issues present in unstable, fixed first then in experimental
and moved to unstable).
As Adrian noticed, the issue was introduced in 3.0.0 and then fixed in
3.0.1. Which means that only 3.0.0-1~exp0 in experimental was affected
and then fixed therein in 3.0.2-1~exp0. The next upload to unstable then
was 3.0.3-1.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94303,15 +94303,12 @@ CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCE
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-18.html
CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was addresse ...)
- - wireshark 3.0.3-1 (low)
- [buster] - wireshark <not-affected> (vulnerable code is not present)
- [stretch] - wireshark <not-affected> (vulnerable code is not present)
- [jessie] - wireshark <not-affected> (vulnerable code is not present)
+ - wireshark <not-affected> (Vulnerable code only present in experimental)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-16.html
- NOTE: bug was never in Debian:
- NOTE: dissector introduced in 3.0.0 and CVE fixed in 3.0.1
+ NOTE: bug was never in Debian apart experimental released versions:
+ NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1
CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
{DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7243d4a30f25964c4f9b4ee824fb599be38e3cf6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7243d4a30f25964c4f9b4ee824fb599be38e3cf6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201031/17f7e251/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list