Merge ~nickgalanis/ubuntu-cve-tracker:nick_branch into ubuntu-cve-tracker:master

Proposed by Nick Galanis
Status: Merged
Merged at revision: 09a7888dddc2b260f55f7651f9496f1f242b3d8b
Proposed branch: ~nickgalanis/ubuntu-cve-tracker:nick_branch
Merge into: ubuntu-cve-tracker:master
Diff against target: 152 lines (+22/-21)
6 files modified
active/CVE-2018-7998 (+2/-2)
active/CVE-2019-6976 (+2/-1)
active/CVE-2020-20739 (+3/-3)
active/CVE-2021-27847 (+3/-3)
active/CVE-2023-40032 (+9/-9)
retired/CVE-2019-17534 (+3/-3)
Reviewer: Eduardo Barretto (Status: Approve)
Review via email: mp+453455@code.launchpad.net

Commit message

triage and assign cves for vips

Eduardo Barretto (ebarretto) wrote :

lgtm thanks!

review: Approve

Preview Diff

1diff --git a/active/CVE-2018-7998 b/active/CVE-2018-7998
2index 9a2f1fb..5f3d137 100644
3--- a/active/CVE-2018-7998
4+++ b/active/CVE-2018-7998
5@@ -3,7 +3,7 @@ PublicDate: 2018-03-09 19:29:00 UTC
6 References:
7 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7998
8 https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
9- https://github.com/jcupitt/libvips/issues/893
10+ https://github.com/libvips/libvips/issues/893
11 Description:
12 In libvips before 8.6.3, a NULL function pointer dereference vulnerability
13 was found in the vips_region_generate function in region.c, which allows
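Review bot: The issue link is moved to the libvips/libvips path, but the commit reference one line above it still points at github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5, so the References block now mixes the old and new repository paths. Suggest updating the commit URL to the libvips/libvips path in the same change so both references use the same repository location.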
14@@ -16,7 +16,7 @@ Bugs:
15 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892589
16 Priority: medium
17 Discovered-by:
18-Assigned-to:
19+Assigned-to: nickgalanis
20 CVSS:
21 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H [7.5 HIGH]
22
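Review bot: Assigned-to is filled in here, but this file's diff (+2/-2) touches only one reference URL and the assignee, so no release status moves for a CVE that NVD scores 7.5 HIGH. If the triage named in the commit message covered this CVE, the per-release vips status lines belong in the same commit; if triage is still pending, say so in the merge description so the assignment is not read as a completed review.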
23diff --git a/active/CVE-2019-6976 b/active/CVE-2019-6976
24index ca7a22a..c5e9d19 100644
25--- a/active/CVE-2019-6976
26+++ b/active/CVE-2019-6976
27@@ -2,6 +2,7 @@ Candidate: CVE-2019-6976
28 PublicDate: 2019-01-26 23:29:00 UTC
29 References:
30 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6976
31+ https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
32 https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
33 https://github.com/libvips/libvips/releases/tag/v8.7.4
34 Description:
35@@ -14,7 +15,7 @@ Notes:
36 Bugs:
37 Priority: medium
38 Discovered-by:
39-Assigned-to:
40+Assigned-to: nickgalanis
41 CVSS:
42 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
43
44diff --git a/active/CVE-2020-20739 b/active/CVE-2020-20739
45index d353913..5ec5bf3 100644
46--- a/active/CVE-2020-20739
47+++ b/active/CVE-2020-20739
48@@ -15,7 +15,7 @@ Mitigation:
49 Bugs:
50 Priority: medium
51 Discovered-by:
52-Assigned-to:
53+Assigned-to: nickgalanis
54 CVSS:
55 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
56
57@@ -26,9 +26,9 @@ precise/esm_vips: DNE
58 trusty_vips: ignored (end of standard support)
59 trusty/esm_vips: DNE
60 xenial_vips: ignored (end of standard support, was needs-triage)
61-esm-apps/xenial_vips: needs-triage
62+esm-apps/xenial_vips: needed
63 bionic_vips: ignored (end of standard support, was needs-triage)
64-esm-apps/bionic_vips: needs-triage
65+esm-apps/bionic_vips: needed
66 focal_vips: not-affected (8.9.1-2)
67 esm-apps/focal_vips: not-affected (8.9.1-2)
68 groovy_vips: not-affected
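Review bot: esm-apps/xenial_vips and esm-apps/bionic_vips move from needs-triage to needed with no accompanying Notes entry; the file's three changed lines are the assignee and these two statuses. Since focal is recorded as not-affected (8.9.1-2), a short note naming the upstream fix commit or the first fixed version would let the next person confirm that the xenial and bionic versions predate it without repeating the analysis.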
69diff --git a/active/CVE-2021-27847 b/active/CVE-2021-27847
70index 90115f0..754d3d7 100644
71--- a/active/CVE-2021-27847
72+++ b/active/CVE-2021-27847
73@@ -14,7 +14,7 @@ Mitigation:
74 Bugs:
75 Priority: low
76 Discovered-by:
77-Assigned-to:
78+Assigned-to: nickgalanis
79 CVSS:
80 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]
81
82@@ -24,9 +24,9 @@ upstream_vips: released (8.8.3-1)
83 trusty_vips: ignored (end of standard support)
84 trusty/esm_vips: DNE
85 xenial_vips: ignored (end of standard support)
86-esm-apps/xenial_vips: needs-triage
87+esm-apps/xenial_vips: needed
88 bionic_vips: ignored (end of standard support, was needs-triage)
89-esm-apps/bionic_vips: needs-triage
90+esm-apps/bionic_vips: needed
91 focal_vips: not-affected (8.9.1-2)
92 esm-apps/focal_vips: not-affected (8.9.1-2)
93 groovy_vips: not-affected
94diff --git a/active/CVE-2023-40032 b/active/CVE-2023-40032
95index 2fddc34..34459d4 100644
96--- a/active/CVE-2023-40032
97+++ b/active/CVE-2023-40032
98@@ -18,7 +18,7 @@ Mitigation:
99 Bugs:
100 Priority: medium
101 Discovered-by:
102-Assigned-to:
103+Assigned-to: nickgalanis
104 CVSS:
105 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]
106
107@@ -26,12 +26,12 @@ Patches_vips:
108 upstream_vips: released (8.14.4-1)
109 trusty_vips: ignored (end of standard support)
110 xenial_vips: ignored (end of standard support)
111-esm-apps/xenial_vips: needs-triage
112+esm-apps/xenial_vips: not-affected (code not present)
113 bionic_vips: ignored (end of standard support)
114-esm-apps/bionic_vips: needs-triage
115-focal_vips: needs-triage
116-esm-apps/focal_vips: needs-triage
117-jammy_vips: needs-triage
118-esm-apps/jammy_vips: needs-triage
119-lunar_vips: needs-triage
120-devel_vips: needs-triage
121+esm-apps/bionic_vips: not-affected (code not present)
122+focal_vips: not-affected (code not present)
123+esm-apps/focal_vips: not-affected (code not present)
124+jammy_vips: needed
125+esm-apps/jammy_vips: needed
126+lunar_vips: needed
127+devel_vips: needed
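Review bot: lunar_vips and devel_vips are set to needed while upstream_vips at the top of the hunk reads released (8.14.4-1); confirm the versions in lunar and devel are older than 8.14.4-1, since a release already carrying that version would be recorded as not-affected or released with the version instead. The four not-affected (code not present) entries for xenial, bionic and focal would also benefit from a Notes line stating which upstream version introduced the affected code, because the hunk gives no basis for the cutoff between focal and jammy.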
128diff --git a/active/CVE-2019-17534 b/retired/CVE-2019-17534
129similarity index 93%
130rename from active/CVE-2019-17534
131rename to retired/CVE-2019-17534
132index c45db42..6847349 100644
133--- a/active/CVE-2019-17534
134+++ b/retired/CVE-2019-17534
135@@ -22,14 +22,14 @@ CVSS:
136
137
138 Patches_vips:
139-upstream_vips: needs-triage
140+upstream_vips: not-affected (code not present)
141 precise/esm_vips: DNE
142 trusty_vips: ignored (end of standard support)
143 trusty/esm_vips: DNE
144 xenial_vips: ignored (end of standard support, was needs-triage)
145-esm-apps/xenial_vips: needs-triage
146+esm-apps/xenial_vips: not-affected (code not present)
147 bionic_vips: ignored (end of standard support, was needs-triage)
148-esm-apps/bionic_vips: needs-triage
149+esm-apps/bionic_vips: not-affected (code not present)
150 disco_vips: ignored (end of life)
151 eoan_vips: ignored (end of life)
152 focal_vips: not-affected (8.8.3-3)
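Review bot: upstream_vips becomes not-affected (code not present) while the context line focal_vips: not-affected (8.8.3-3) records a specific version, so the retired file gives two different reasons for non-affectedness without explaining either. Because the rename to retired/ takes this CVE out of the active set, add a Notes entry stating why the code is absent upstream and in the xenial and bionic ESM packages before the file is closed out.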
