data/CVE/list

@@ -153,19 +153,27 @@ CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault c
 	- elfutils <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
 CVE-2019-7149 (A heap-based buffer over-read was discovered in the function ...)
 	- elfutils <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
 	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
 CVE-2019-7148 (An attempted excessive memory allocation was discovered in the function ...)
-	- elfutils <unfixed>
+	- elfutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
+	NOTE: malloc can fail on invalid file, but "nothing" bad with security implication will
+	NOTE: happen, negligible security impact.
 CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in nasmlib ...)
 	TODO: check
 CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the ebl_object_note ...)
 	- elfutils <unfixed>
+	[stretch] - elfutils <not-affected> (Vulnerable code introduced in 0.175)
+	[jessie] - elfutils <not-affected> (Vulnerable code introduced in 0.175)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24075
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24081
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=012018907ca05eb0ab51d424a596ef38fc87cae1
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=cd7ded3df43f655af945c869976401a602e46fcd
 CVE-2019-7145
 	RESERVED
 CVE-2019-7144