Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
496d56e6 by Moritz Muehlenhoff at 2019-02-06T10:11:31Z
new curl issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8123,10 +8123,16 @@ CVE-2019-3825
        RESERVED
 CVE-2019-3824
        RESERVED
-CVE-2019-3823
+CVE-2019-3823 [curl: SMTP end-of-response out-of-bounds read]
        RESERVED
-CVE-2019-3822
+       - curl <unfixed>
+       NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
+       NOTE: 
https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
+CVE-2019-3822 [curl: NTLMv2 type-3 header stack buffer overflow]
        RESERVED
+       - curl <unfixed>
+       NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
+       NOTE: 
https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
 CVE-2019-3821
        RESERVED
 CVE-2019-3820 [partial lock screen bypass]
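Review bot: The new CVE-2019-3823 and CVE-2019-3822 entries mark curl as <unfixed> and link only the upstream advisory and the fixing commit, with nothing on which upstream versions introduced the bugs. A further NOTE per entry giving the first affected version or introducing commit, taken from the linked advisories, would let the per-suite status be set without re-reading them. Of the two, CVE-2019-3822 is described as a stack buffer overflow rather than an out-of-bounds read, so it deserves the earlier triage.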
@@ -25749,8 +25755,11 @@ CVE-2018-16892
        RESERVED
 CVE-2018-16891
        RESERVED
-CVE-2018-16890
+CVE-2018-16890 [curl: NTLM type-2 out-of-bounds buffer read]
        RESERVED
+       - curl <unfixed>
+       NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
+       NOTE: 
https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
 CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug 
logging for ...)
        - ceph <unfixed> (low; bug #918969)
        [stretch] - ceph <no-dsa> (Minor issue)
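Review bot: The added "- curl <unfixed>" line under CVE-2018-16890 carries no severity or bug reference, while the ceph entry just below it in the same context has "(low; bug #918969)". Once a BTS bug exists for the curl issues, add it here in the same form so the entry can be tracked to closure.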
@@ -45991,7 +46000,6 @@ CVE-2018-9246 (The PGObject::Util::DBAdmin module 
before 0.120.0 for Perl, as us
        NOTE: 
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
        NOTE: 
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/dc48d0e1af0dbf861779b2c781e0f4c612c22cfb
        NOTE: https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html
-       TODO: check if set of commits complete
 CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL 
injection ...)
        NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
 CVE-2018-9242 (The PAN-OS management web interface page in PAN-OS 6.1.20 and 
earlier, ...)
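Review bot: Dropping "TODO: check if set of commits complete" from CVE-2018-9246 is unrelated to the curl additions and is not covered by the commit message "new curl issues". If the check was done, record the outcome in the commit message or in a NOTE on the entry; otherwise this removal belongs in its own commit.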


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ ansible
 --
 chromium
 --
+curl (ghedo)
+--
 faad2
   not yet fixed upstream
 --
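Review bot: The new "curl (ghedo)" entry has no status line beneath it, unlike faad2 directly below with "not yet fixed upstream". Since data/CVE/list in this same commit links upstream fix commits for all three curl CVEs, a short line stating that upstream fixes are available would tell readers of this file that the update is not blocked on upstream.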



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/496d56e65eb3e7d0b32f6c17c67e671961b77f09
