[Git][security-tracker-team/security-tracker][master] CVE-2019-25050: Only reference the fixing commit
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 26 19:42:07 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20e89fbe by Salvatore Bonaccorso at 2021-07-26T20:40:42+02:00
CVE-2019-25050: Only reference the fixing commit
The issue was found by fuzzing gdal, and there are two sets of
introducing commits to uncover the issue.
27b9bf644bcf1208f7d6594bdd104cc8a8bb0646 got referenced as well, but
it's in the introducing range instead. Try to untangle the entry, but
maybe it can be done better.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1530,8 +1530,9 @@ CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer over
- gdal 3.1.0+dfsg-1
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
- NOTE: https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646
- NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a
+ NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
CVE-2021-36805
RESERVED
CVE-2021-36804
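Review bot: the removed NOTE for 27b9bf644bcf1208f7d6594bdd104cc8a8bb0646 is dropped outright, although the commit message identifies it as part of the introducing range, so the entry no longer records where the affected range starts. Consider keeping it with an explicit label, for example "NOTE: Introduced by: https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646", and prefixing the 767e3a56144f676ca738ef8f700e0e56035bd05a line with "Fixed by:" so a reader can tell the two roles apart without opening the OSV files. The two added oss-fuzz issue links (15143, 15156) also carry no indication of which OSV record each belongs to; placing each one directly under its matching OSV-2020-420 or OSV-2020-392 NOTE would make the pairing clear.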
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20e89fbedf2cf95a915d382f96c465d7a42a4056