From 7f5240b146ebe5d4c7909047639ec1c5b633b026 Mon Sep 17 00:00:00 2001 From: Thorsten Alteholz Date: Thu, 29 Oct 2020 16:21:21 +0100 Subject: consistently fix libsndfile CVEs in all suites --- data/CVE/2017.list | 4 ---- data/CVE/2018.list | 3 --- data/CVE/2019.list | 1 - 3 files changed, 8 deletions(-) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 13cea10cdd..60cf0b6b9b 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -12374,7 +12374,6 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...) {DLA-1618-1} - libsndfile 1.0.28-5 (bug #876783) - [stretch] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/318 NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788 @@ -13507,14 +13506,12 @@ CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eon CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) - [stretch] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f 
@@ -34896,7 +34893,6 @@ CVE-2017-6893 CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...) {DLA-985-1} - libsndfile 1.0.28-1 (bug #864704) - [stretch] - libsndfile (Minor issue) [jessie] - libsndfile (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 91fc443fff..bafc485163 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -4432,7 +4432,6 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) {DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) - [stretch] - libsndfile (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e @@ -4661,14 +4660,12 @@ CVE-2018-19663 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index d64b81200e..81369e7e23 100644 --- a/data/CVE/2019.list 
+++ b/data/CVE/2019.list @@ -45001,7 +45001,6 @@ CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...) {DLA-1712-1} - libsndfile 1.0.28-6 (bug #922372) - [stretch] - libsndfile (Incomplete fix for CVE-2018-19758 not applied) NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436 NOTE: https://github.com/erikd/libsndfile/pull/460 NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008 -- cgit v1.2.3
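Review bot: The subject says "in all suites", but in data/CVE/2017.list the [wheezy] lines under CVE-2017-14634, CVE-2017-14246 and CVE-2017-14245 and the [jessie] line under CVE-2017-6892 still read "(Minor issue)" after this change. Only the [stretch] lines are touched. Either narrow the subject to stretch or state in the commit message why the wheezy and jessie annotations are intentionally left as they are.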
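Review bot: Nothing in this diff records the stretch version that carries the fixes. The diffstat is 8 deletions across three CVE lists with no insertion, so once the [stretch] lines under CVE-2018-19758, CVE-2018-19662 and CVE-2018-19661 in data/CVE/2018.list are gone, the only version left on each entry is the unstable one (1.0.28-5). Please name in the commit message where the stretch fixed version is recorded, so a reader can confirm that stretch ends up marked fixed rather than compared against 1.0.28-5.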
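Review bot: The [stretch] line removed under CVE-2019-3832 in data/CVE/2019.list is a different case from the other seven deletions. Its reason was "Incomplete fix for CVE-2018-19758 not applied", not "(Minor issue)", so stretch was considered unaffected only because it lacked the first fix. Since the [stretch] line under CVE-2018-19758 is removed in the same patch, please confirm that the stretch package carries the follow-up commit 6d7ce94c020cc720a6b28719d1a7879181790008 (pull 460) together with 42132c543358cee9f7c3e9e9b15bb6c1063a608e, and say so in the commit message.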