[Git][security-tracker-team/security-tracker][master] libmatio, nouveau non issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 11 22:22:58 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
391fef27 by Moritz Muehlenhoff at 2022-07-11T23:21:42+02:00
libmatio, nouveau non issues
mark old opencv report as NFU for Android, Android never really gave any information
it's most probably bogus anyway
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -182990,12 +182990,9 @@ CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructF
[jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/128
CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_VarRead ...)
- - libmatio <unfixed>
- [bullseye] - libmatio <no-dsa> (Minor issue)
- [buster] - libmatio <no-dsa> (Minor issue)
- [stretch] - libmatio <no-dsa> (Minor issue)
- [jessie] - libmatio <no-dsa> (Minor issue)
+ - libmatio <unfixed> (unimportant)
NOTE: https://github.com/tbeu/matio/issues/130
+ NOTE: Negligible security impact
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
[experimental] - libmatio 1.5.18-1
- libmatio 1.5.19-2
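Review bot: The added `NOTE: Negligible security impact` under CVE-2019-20019 records the conclusion but not the reason for it. The CVE line describes "an attempted excessive memory allocation ... in Mat_VarRead"; a short clause in the NOTE saying why that is negligible would let a later reader verify the move from the four removed `<no-dsa> (Minor issue)` lines to `(unimportant)` without opening the upstream issue.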
@@ -221434,7 +221431,6 @@ CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Applica
- intellij-idea <itp> (bug #747616)
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
- intellij-idea <itp> (bug #747616)
- - intellij-community-idea <undetermined>
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
- kotlin <not-affected> (Fixed before initial upload to Debian)
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
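Review bot: The removal of `- intellij-community-idea <undetermined>` under CVE-2019-10103 is not covered by the commit message, which names only libmatio, nouveau and opencv. Add a line to the message saying why the package entry is dropped, or move this change to its own commit, so the history explains why only the `intellij-idea <itp>` line remains.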
@@ -224494,8 +224490,7 @@ CVE-2019-9425 (In Bluetooth, there is a possible out of bounds read due to a mis
CVE-2019-9424 (In the Screen Lock, there is a possible information disclosure due to ...)
NOT-FOR-US: Android
CVE-2019-9423 (In opencv calls that use libpng, there is a possible out of bounds wri ...)
- - opencv <undetermined>
- NOTE: Currently no further information available
+ NOT-FOR-US: Android
CVE-2019-9422 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android
CVE-2019-9421 (In libandroidfw, there is a possible OOB read due to an integer overfl ...)
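Review bot: Replacing `- opencv <undetermined>` with `NOT-FOR-US: Android` under CVE-2019-9423 removes the only package reference to opencv, while the CVE description still begins "In opencv calls that use libpng". The reasoning for the change exists only in the commit message, and the deleted NOTE was the one place in the file that said information was missing. If the list format allows it, keep a NOTE carrying that reasoning so that someone searching for opencv later does not repeat the triage.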
@@ -292900,12 +292895,9 @@ CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing fun
CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
- - xserver-xorg-video-nouveau <unfixed> (low)
- [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
- [jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
+ - xserver-xorg-video-nouveau <unfixed> (unimportant)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647
+ NOTE: Nouveau is a reverse-engineered, best effort driver, negligible security impact
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
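Review bot: The new NOTE under CVE-2018-3979 justifies `(unimportant)` by the driver being reverse-engineered and best effort, which describes its support status rather than the impact of the bug, while the CVE line calls it a remote denial-of-service. State in the NOTE why that denial of service is negligible, since the severity moves from `(low)` to `(unimportant)` and the four per-release `<ignored>` lines are removed on the strength of that one sentence.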
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/391fef271d0897389daf517a4c516f2536db6077