[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39170/dwarfutils
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 2 13:15:18 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfcc89c0 by Salvatore Bonaccorso at 2022-09-02T14:14:44+02:00
Add CVE-2022-39170/dwarfutils
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,11 @@ CVE-2022-39172
CVE-2022-39171
RESERVED
CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...)
- TODO: check
+ - dwarfutils <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/davea42/libdwarf-code/issues/132
+ NOTE: Introduced after: https://github.com/davea42/libdwarf-code/commit/d3ba444c4e4891545552590d9d36c2049197678e
+ NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/428235e3d132fb62faf7732735fdbb034d6264b4
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW202208-001
CVE-2022-39169
RESERVED
CVE-2022-39168
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfcc89c02227abf7f0d2d68cebc716d8a774ec49
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfcc89c02227abf7f0d2d68cebc716d8a774ec49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220902/2ebc42b6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list