Bug 1137822 - (CVE-2018-19801) VUL-0: CVE-2018-19801: aubio: NULL pointer dereference
(CVE-2018-19801)
VUL-0: CVE-2018-19801: aubio: NULL pointer dereference
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 15.1
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/234586/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-11 07:34 UTC by Alexander Bergmann
Modified: 2019-07-03 08:27 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Takashi Iwai 2019-06-12 14:11:24 UTC
Zero information about the actual matter and the corresponding fix, and the git commits of aubio are horrible, zero comments.

I can only wild-guess this corresponding to the commit eda95c9c22b4f0b466ae94c4708765eaae6e709e
    [filterbank] validate input parameters
Comment 2 Takashi Iwai 2019-06-12 14:43:08 UTC
The fix is submitted to Leap 42.3, Leap 15.0 and Leap 15.1.
Reassigned back to security team.
Comment 3 Swamp Workflow Management 2019-06-12 15:50:32 UTC
This is an autogenerated message for OBS integration:
This bug (1137822) was mentioned in
https://build.opensuse.org/request/show/709475 15.0 / aubio
https://build.opensuse.org/request/show/709476 15.1 / aubio
https://build.opensuse.org/request/show/709513 42.3 / aubio
Comment 4 Swamp Workflow Management 2019-06-24 19:11:18 UTC
openSUSE-SU-2019:1618-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137822,1137823,1137828
CVE References: CVE-2018-19800,CVE-2018-19801,CVE-2018-19802
Sources used:
openSUSE Leap 42.3 (src):    aubio-0.4.1-9.13.1
openSUSE Leap 15.1 (src):    aubio-0.4.6-lp151.6.3.1, python-aubio-0.4.6-lp151.6.3.1
openSUSE Leap 15.0 (src):    aubio-0.4.6-lp150.3.10.1, python-aubio-0.4.6-lp150.3.10.1
Comment 5 Swamp Workflow Management 2019-06-25 13:12:05 UTC
openSUSE-SU-2019:1624-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137822,1137823,1137828
CVE References: CVE-2018-19800,CVE-2018-19801,CVE-2018-19802
Sources used:
openSUSE Backports SLE-15 (src):    aubio-0.4.6-bp150.3.12.1, python-aubio-0.4.6-bp150.3.12.1
Comment 6 Marcus Meissner 2019-07-03 08:27:35 UTC
released