PublicDateAtUSN: 2019-07-09 00:00:00 UTC
Candidate: CVE-2019-11476
CRD: 2019-07-09 00:00:00 UTC
PublicDate: 2019-08-29 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11476
 https://ubuntu.com/security/notices/USN-4052-1
Description:
 An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1,
 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds
 write to a heap allocated buffer when processing large crash dumps. This
 results in a crash or possible code-execution in the context of the
 whoopsie process.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830863
Priority: medium
Discovered-by: Kevin Backhouse of Semmle Security Research Team
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_whoopsie:
upstream_whoopsie: needs-triage
precise/esm_whoopsie: DNE
trusty/esm_whoopsie: DNE
xenial_whoopsie: released (0.2.52.5ubuntu0.1)
esm-infra/xenial_whoopsie: released (0.2.52.5ubuntu0.1)
bionic_whoopsie: released (0.2.62ubuntu0.1)
cosmic_whoopsie: released (0.2.62ubuntu1)
disco_whoopsie: released (0.2.64ubuntu0.1)
devel_whoopsie: released (0.2.66)