Add CVE-2019-17582/libzip

Note that the reporter states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858." and a second CVE assigned. Please double-check correctness of CVE-2019-17582 tracking.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-02-18 07:31:45 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-02-18 07:31:45 +0100
commit: 68ae7af745ba9de1b3f9ad431693953c5613f4ad (patch)
tree: a82a73666469a6d3e374c5ea084dde40617cd832 /data/CVE/2017.list
parent: 3a580f3aeb1c927eaba55af4cf2948ec1abd23ee (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 36725a59c0..a1fac96a2a 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -17282,7 +17282,7 @@ CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS
 CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...)
 	- libzip <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
-	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
+	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
 CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...)
 	NOT-FOR-US: Polycom
 CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote  ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-02-18 07:31:45 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-02-18 07:31:45 +0100
commit	68ae7af745ba9de1b3f9ad431693953c5613f4ad (patch)
tree	a82a73666469a6d3e374c5ea084dde40617cd832 /data/CVE/2017.list
parent	3a580f3aeb1c927eaba55af4cf2948ec1abd23ee (diff)