Hello,

On Sat, Nov 02, 2019 at 08:59:25PM +0100, Salvatore Bonaccorso wrote:
> Source: freetds
> Version: 1.1.6-1
> Severity: important
> Tags: security upstream fixed-upstream
> Control: found -1 1.00.104-1

> The following vulnerability was published for freetds.

> CVE-2019-13508[0]:
> | FreeTDS through 1.1.11 has a Buffer Overflow.

Where does this "1.1.11" number come from? I do not see any releases newer
than 1.1.6 upstream.

> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-13508
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13508
> [1] https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
> [2] https://bugs.launchpad.net/bugs/1835896
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1736255
> [4] https://bugzilla.novell.com/show_bug.cgi?id=1141132
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org