[Git][security-tracker-team/security-tracker][master] Two potrace issues fixed in unstable

Sat, 19 May 2018 09:28:19 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33a0a1d1 by Salvatore Bonaccorso at 2018-05-19T18:27:22+02:00
Two potrace issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46375,7 +46375,7 @@ CVE-2017-12069 (An XXE vulnerability has been 
identified in OPC Foundation UA .N
 CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug 
array ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the 
interpolate_cubic ...)
-       - potrace <unfixed> (unimportant; bug #870356)
+       - potrace 1.15-1 (unimportant; bug #870356)
        NOTE: 
https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
        NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
        NOTE: Crash only in CLI tool mkbitmap, negligible security impact
@@ -61383,7 +61383,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the 
fz_subsample_pixmap function 
        NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer 
overflow
        NOTE: in fz_subsample_pixmap.
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 
allows ...)
-       - potrace <unfixed> (bug #858763)
+       - potrace 1.15-1 (bug #858763)
        [stretch] - potrace <no-dsa> (Minor issue)
        [jessie] - potrace <no-dsa> (Minor issue)
        [wheezy] - potrace <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a0a1d1dd92a736554a8146f4f535454feb84e8

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a0a1d1dd92a736554a8146f4f535454feb84e8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to