"-Synchronized-Data."

2025-06-10 02:04:31 +00:00 · 2019-07-29 11:00:57 +00:00 · 2019-07-29 11:00:57 +00:00 · 250a7f887f
commit 250a7f887f
parent 042eec1976
2 changed files with 68 additions and 1 deletions
--- a/2019/13xxx/CVE-2019-13012.json
+++ b/2019/13xxx/CVE-2019-13012.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450."
+                "value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450."
            }
        ]
    },
@ -81,6 +81,11 @@
                "refsource": "SUSE",
                "name": "openSUSE-SU-2019:1749",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12",
+                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
            }
        ]
    }
--- a/2019/14xxx/CVE-2019-14378.json
+++ b/2019/14xxx/CVE-2019-14378.json
@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2019-14378",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210",
+                "refsource": "MISC",
+                "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210"
+            }
+        ]
+    }
+}