Merge ~nickgalanis/ubuntu-cve-tracker:nick_branch into ubuntu-cve-tracker:master

Proposed by Nick Galanis
Status: Merged
Merged at revision: 09a7888dddc2b260f55f7651f9496f1f242b3d8b
Proposed branch: ~nickgalanis/ubuntu-cve-tracker:nick_branch
Merge into: ubuntu-cve-tracker:master
Diff against target: 152 lines (+22/-21)
6 files modified
active/CVE-2018-7998 (+2/-2)
active/CVE-2019-6976 (+2/-1)
active/CVE-2020-20739 (+3/-3)
active/CVE-2021-27847 (+3/-3)
active/CVE-2023-40032 (+9/-9)
retired/CVE-2019-17534 (+3/-3)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+453455@code.launchpad.net

Commit message

triage and assign cves for vips

Eduardo Barretto (ebarretto) wrote :

lgtm thanks!

review: Approve

Preview Diff

diff --git a/active/CVE-2018-7998 b/active/CVE-2018-7998
index 9a2f1fb..5f3d137 100644
--- a/active/CVE-2018-7998
+++ b/active/CVE-2018-7998
@@ -3,7 +3,7 @@ PublicDate: 2018-03-09 19:29:00 UTC
3References:3References:
4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-79984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7998
5 https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a55 https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
6 https://github.com/jcupitt/libvips/issues/8936 https://github.com/libvips/libvips/issues/893
7Description:7Description:
8 In libvips before 8.6.3, a NULL function pointer dereference vulnerability8 In libvips before 8.6.3, a NULL function pointer dereference vulnerability
9 was found in the vips_region_generate function in region.c, which allows9 was found in the vips_region_generate function in region.c, which allows
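Review bot: The reference update at line 6 moves the issue link to github.com/libvips/libvips, but the commit link on line 5 still points at github.com/jcupitt/libvips, so two references to the same repository now use different owners. Update the commit URL to the libvips organisation as well, so the file does not depend on the old path continuing to redirect.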
@@ -16,7 +16,7 @@ Bugs:
16 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=89258916 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892589
17Priority: medium17Priority: medium
18Discovered-by:18Discovered-by:
19Assigned-to:19Assigned-to: nickgalanis
20CVSS:20CVSS:
21 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H [7.5 HIGH]21 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H [7.5 HIGH]
2222
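Review bot: Assigned-to on line 19 is the only change in this hunk, and the file summary (+2/-2) shows that no release status line was touched for CVE-2018-7998, so the triage outcome the commit message mentions is not recorded in this file. If the affected releases have been checked, update their status lines in the same change; if the work is still pending, say so in Notes.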
diff --git a/active/CVE-2019-6976 b/active/CVE-2019-6976
index ca7a22a..c5e9d19 100644
--- a/active/CVE-2019-6976
+++ b/active/CVE-2019-6976
@@ -2,6 +2,7 @@ Candidate: CVE-2019-6976
2PublicDate: 2019-01-26 23:29:00 UTC2PublicDate: 2019-01-26 23:29:00 UTC
3References:3References:
4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-69764 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6976
5 https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
5 https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a6 https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
6 https://github.com/libvips/libvips/releases/tag/v8.7.47 https://github.com/libvips/libvips/releases/tag/v8.7.4
7Description:8Description:
@@ -14,7 +15,7 @@ Notes:
14Bugs:15Bugs:
15Priority: medium16Priority: medium
16Discovered-by:17Discovered-by:
17Assigned-to:18Assigned-to: nickgalanis
18CVSS:19CVSS:
19 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]20 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
2021
diff --git a/active/CVE-2020-20739 b/active/CVE-2020-20739
index d353913..5ec5bf3 100644
--- a/active/CVE-2020-20739
+++ b/active/CVE-2020-20739
@@ -15,7 +15,7 @@ Mitigation:
15Bugs:15Bugs:
16Priority: medium16Priority: medium
17Discovered-by:17Discovered-by:
18Assigned-to:18Assigned-to: nickgalanis
19CVSS:19CVSS:
20 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]20 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
2121
@@ -26,9 +26,9 @@ precise/esm_vips: DNE
26trusty_vips: ignored (end of standard support)26trusty_vips: ignored (end of standard support)
27trusty/esm_vips: DNE27trusty/esm_vips: DNE
28xenial_vips: ignored (end of standard support, was needs-triage)28xenial_vips: ignored (end of standard support, was needs-triage)
29esm-apps/xenial_vips: needs-triage29esm-apps/xenial_vips: needed
30bionic_vips: ignored (end of standard support, was needs-triage)30bionic_vips: ignored (end of standard support, was needs-triage)
31esm-apps/bionic_vips: needs-triage31esm-apps/bionic_vips: needed
32focal_vips: not-affected (8.9.1-2)32focal_vips: not-affected (8.9.1-2)
33esm-apps/focal_vips: not-affected (8.9.1-2)33esm-apps/focal_vips: not-affected (8.9.1-2)
34groovy_vips: not-affected34groovy_vips: not-affected
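Review bot: The esm-apps/xenial_vips and esm-apps/bionic_vips entries on lines 29 and 31 go from needs-triage to needed, but the file summary (+3/-3) shows no Notes line was added to say how the affected code was confirmed in those releases. Add a short Notes entry naming the package versions inspected, so a later reader can tell this was a source check rather than an inference from the focal version (8.9.1-2).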
diff --git a/active/CVE-2021-27847 b/active/CVE-2021-27847
index 90115f0..754d3d7 100644
--- a/active/CVE-2021-27847
+++ b/active/CVE-2021-27847
@@ -14,7 +14,7 @@ Mitigation:
14Bugs:14Bugs:
15Priority: low15Priority: low
16Discovered-by:16Discovered-by:
17Assigned-to:17Assigned-to: nickgalanis
18CVSS:18CVSS:
19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]
2020
@@ -24,9 +24,9 @@ upstream_vips: released (8.8.3-1)
24trusty_vips: ignored (end of standard support)24trusty_vips: ignored (end of standard support)
25trusty/esm_vips: DNE25trusty/esm_vips: DNE
26xenial_vips: ignored (end of standard support)26xenial_vips: ignored (end of standard support)
27esm-apps/xenial_vips: needs-triage27esm-apps/xenial_vips: needed
28bionic_vips: ignored (end of standard support, was needs-triage)28bionic_vips: ignored (end of standard support, was needs-triage)
29esm-apps/bionic_vips: needs-triage29esm-apps/bionic_vips: needed
30focal_vips: not-affected (8.9.1-2)30focal_vips: not-affected (8.9.1-2)
31esm-apps/focal_vips: not-affected (8.9.1-2)31esm-apps/focal_vips: not-affected (8.9.1-2)
32groovy_vips: not-affected32groovy_vips: not-affected
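Review bot: Lines 27 and 29 mark esm-apps/xenial_vips and esm-apps/bionic_vips as needed against an upstream fix recorded as released (8.8.3-1), yet the file summary (+3/-3) is fully used by Assigned-to and these two status lines, so no patch reference was added. If the upstream fix commit is not already listed in the file's patches section, add it so whoever prepares the ESM updates has the change to backport.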
diff --git a/active/CVE-2023-40032 b/active/CVE-2023-40032
index 2fddc34..34459d4 100644
--- a/active/CVE-2023-40032
+++ b/active/CVE-2023-40032
@@ -18,7 +18,7 @@ Mitigation:
18Bugs:18Bugs:
19Priority: medium19Priority: medium
20Discovered-by:20Discovered-by:
21Assigned-to:21Assigned-to: nickgalanis
22CVSS:22CVSS:
23 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]23 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]
2424
@@ -26,12 +26,12 @@ Patches_vips:
26upstream_vips: released (8.14.4-1)26upstream_vips: released (8.14.4-1)
27trusty_vips: ignored (end of standard support)27trusty_vips: ignored (end of standard support)
28xenial_vips: ignored (end of standard support)28xenial_vips: ignored (end of standard support)
29esm-apps/xenial_vips: needs-triage29esm-apps/xenial_vips: not-affected (code not present)
30bionic_vips: ignored (end of standard support)30bionic_vips: ignored (end of standard support)
31esm-apps/bionic_vips: needs-triage31esm-apps/bionic_vips: not-affected (code not present)
32focal_vips: needs-triage32focal_vips: not-affected (code not present)
33esm-apps/focal_vips: needs-triage33esm-apps/focal_vips: not-affected (code not present)
34jammy_vips: needs-triage34jammy_vips: needed
35esm-apps/jammy_vips: needs-triage35esm-apps/jammy_vips: needed
36lunar_vips: needs-triage36lunar_vips: needed
37devel_vips: needs-triage37devel_vips: needed
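Review bot: Lines 29 and 31 to 33 set xenial, bionic and focal to not-affected (code not present) while lines 34 to 37 set jammy, lunar and devel to needed, but the file summary (+9/-9) is fully accounted for by Assigned-to and these eight status lines, so nothing records which upstream version introduced the affected code. Add a Notes line with that version or commit, since it is the fact that separates the two groups. Also confirm that devel_vips is still below the upstream fix version 8.14.4-1 before leaving it as needed.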
diff --git a/active/CVE-2019-17534 b/retired/CVE-2019-17534
38similarity index 93%38similarity index 93%
39rename from active/CVE-2019-1753439rename from active/CVE-2019-17534
40rename to retired/CVE-2019-1753440rename to retired/CVE-2019-17534
index c45db42..6847349 100644
--- a/active/CVE-2019-17534
+++ b/retired/CVE-2019-17534
@@ -22,14 +22,14 @@ CVSS:
2222
2323
24Patches_vips:24Patches_vips:
25upstream_vips: needs-triage25upstream_vips: not-affected (code not present)
26precise/esm_vips: DNE26precise/esm_vips: DNE
27trusty_vips: ignored (end of standard support)27trusty_vips: ignored (end of standard support)
28trusty/esm_vips: DNE28trusty/esm_vips: DNE
29xenial_vips: ignored (end of standard support, was needs-triage)29xenial_vips: ignored (end of standard support, was needs-triage)
30esm-apps/xenial_vips: needs-triage30esm-apps/xenial_vips: not-affected (code not present)
31bionic_vips: ignored (end of standard support, was needs-triage)31bionic_vips: ignored (end of standard support, was needs-triage)
32esm-apps/bionic_vips: needs-triage32esm-apps/bionic_vips: not-affected (code not present)
33disco_vips: ignored (end of life)33disco_vips: ignored (end of life)
34eoan_vips: ignored (end of life)34eoan_vips: ignored (end of life)
35focal_vips: not-affected (8.8.3-3)35focal_vips: not-affected (8.8.3-3)
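Review bot: Line 25 sets upstream_vips to not-affected (code not present), which is unusual for the upstream entry: the other files in this change record upstream as released with a version (8.8.3-1, 8.14.4-1). If upstream fixed this in a release, record it as released with that version; if the affected code was never in upstream vips, explain in Notes where the CVE's code path comes from, because the same reason is reused for the ESM entries on lines 30 and 32 and the file is being moved to retired/ on the strength of it.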
