diff options
| author | Thorsten Alteholz <debian@alteholz.de> | 2020-10-29 16:21:21 +0100 |
|---|---|---|
| committer | Thorsten Alteholz <debian@alteholz.de> | 2020-10-29 16:21:21 +0100 |
| commit | 7f5240b146ebe5d4c7909047639ec1c5b633b026 (patch) | |
| tree | fb35a86884701e18f8daf79e54dfbfddbdbbaa81 | |
| parent | e93d915228730943299d008efd04c563c438498a (diff) | |
consistently fix libsndfile CVEs in all suites
| -rw-r--r-- | data/CVE/2017.list | 4 | ||||
| -rw-r--r-- | data/CVE/2018.list | 3 | ||||
| -rw-r--r-- | data/CVE/2019.list | 1 |
3 files changed, 0 insertions, 8 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 13cea10cdd..60cf0b6b9b 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -12374,7 +12374,6 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...) {DLA-1618-1} - libsndfile 1.0.28-5 (bug #876783) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/318 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788 @@ -13507,14 +13506,12 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile <ignored> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -34896,7 +34893,6 @@ CVE-2017-6893 CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...) {DLA-985-1} - libsndfile 1.0.28-1 (bug #864704) - [stretch] - libsndfile <ignored> (Minor issue) [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 91fc443fff..bafc485163 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -4432,7 +4432,6 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) {DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e @@ -4661,14 +4660,12 @@ CVE-2018-19663 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index d64b81200e..81369e7e23 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -45001,7 +45001,6 @@ CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...) {DLA-1712-1} - libsndfile 1.0.28-6 (bug #922372) - [stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied) NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436 NOTE: https://github.com/erikd/libsndfile/pull/460 NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008 |