[Git][security-tracker-team/security-tracker][master] Split out temporary entry for incomplete fix for CVE-2019-19906

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 23 06:24:22 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf632aab by Salvatore Bonaccorso at 2022-02-23T07:22:48+01:00
Split out temporary entry for incomplete fix for CVE-2019-19906

In Debian for DSA-4591-1 and for the initial upload addressing
CVE-2019-19906 only the incomplete patch was applied. Split out a
temporary entry for the "Amend off-by-one in _sasl_add_string function"
part fixed in 2.1.27+dfsg2-1 in unstable and not yet applied for older
versions.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -154023,13 +154023,22 @@ CVE-2019-19892
 	RESERVED
 CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
 	NOT-FOR-US: Mitel SIP-DECT wireless devices
+CVE-2022-XXXX [Incomplete fix for CVE-2019-19906]
+	- cyrus-sasl2 2.1.27+dfsg2-1
+	NOTE: DSA-4591-1 applied only the first part of the fix which was incomplete.
+	NOTE: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/f96ba043fb9ffd30f7089564164203136506e7ab (master)
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/5ac1beeb574cd9d0a518d72330b19d2460688089 (cyrus-sasl-2.1.28)
 CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading  ...)
 	{DSA-4591-1 DLA-2044-1}
 	- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
 	NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
-	NOTE: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 (master)
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/f96ba043fb9ffd30f7089564164203136506e7ab (master)
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/332b8c591b662bce4a2dae55cad9784e15096908 (cyrus-sasl-2.1.28)
+	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/5ac1beeb574cd9d0a518d72330b19d2460688089 (cyrus-sasl-2.1.28)
 	NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
-	NOTE: fixed in 2.1.28 https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
+	NOTE: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
 CVE-2019-16787
 	REJECTED
 CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
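
Review bot: In the CVE-2019-19906 entry, the two added `Fixed by:` lines for f96ba043fb9ffd30f7089564164203136506e7ab and 5ac1beeb574cd9d0a518d72330b19d2460688089 are the same commits listed under the new CVE-2022-XXXX entry, while the entry still records `- cyrus-sasl2 2.1.27+dfsg-2` as the fixed version. According to the commit message and the new NOTE, that upload and DSA-4591-1 carried only the first, incomplete part, so a reader of the CVE-2019-19906 entry alone could conclude that 2.1.27+dfsg-2 includes the off-by-one amendment. Consider keeping only the dcc9f51c/332b8c59 commits under CVE-2019-19906, or adding a NOTE there that points to the temporary entry and states that the amendment is tracked separately and fixed in 2.1.27+dfsg2-1. The temporary entry also has no line for the older suites, although the commit message says the amendment is not yet applied there; a NOTE saying so would make the open status visible in the data itself. Finally, the CVE-2022-XXXX placeholder sits between the 2019 entries, so it is worth confirming that this placement is intended and will be revisited when a real id is assigned.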



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf632aabf656802517b5ff527aaf26ad25f176c2
