Commits on Source (2)
  • Add todo/note for CVE-2019-6256/liblivemedia · 113e87fb
    Salvatore Bonaccorso authored
    The addition of 2018.11.26-1 was based on reproducibility of the issue.
    We have no proof yet on where the fix actually lies so add at least here
    a todo for further checking given the maintainers are confident the
    issue is fixed in the newest version.
    
    We would need to isolate the fix, and secondly pinpoint to the exact
    version addressing the issue in sid.
  • Revert "Triage results." · 9b37c29f
    Salvatore Bonaccorso authored
    This reverts commit 2558c51f.
    
    The issue was addressed in DLA-1632-1 for jessie, thus adding the
    <ignored> causes more confusion.
......@@ -639,6 +639,7 @@ CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder be
CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Media ...)
- liblivemedia 2018.11.26-1 (bug #919529)
NOTE: https://github.com/rgaufman/live555/issues/19
TODO: not entirely clear if 2018.11.26-1 is really the fixing version, cf. #919529
CVE-2019-6255
RESERVED
CVE-2019-6254
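Review bot: the TODO under CVE-2019-6256 records the doubt about 2018.11.26-1 but not why that version was entered, so a reader of the list alone cannot tell what evidence stands behind the "- liblivemedia 2018.11.26-1 (bug #919529)" line. The commit message says the version was chosen from reproducibility of the issue and that the fix itself has not been isolated; consider putting both facts into the entry as a NOTE next to the TODO, so that whoever picks up #919529 knows the remaining work is to identify the fixing change and then the exact sid version.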
......@@ -13056,7 +13057,6 @@ CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_hea
{DLA-1632-1}
- libsndfile <unfixed> (bug #917416)
[stretch] - libsndfile <no-dsa> (Minor issue)
[jessie] - libsndfile <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
NOTE: https://github.com/erikd/libsndfile/issues/435
NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
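Review bot: with the "[jessie] - libsndfile <ignored> (Minor issue)" line gone from the CVE-2018-19758 entry, the jessie status is carried only by the {DLA-1632-1} tag, while the same entry still shows "- libsndfile <unfixed>" and "[stretch] - libsndfile <no-dsa> (Minor issue)". The entry does not say which change DLA-1632-1 shipped; a NOTE stating whether it corresponds to the upstream commit listed in the last NOTE line would make the difference between the jessie, stretch and unstable states easier to follow.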