Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fd6a921 by Moritz Muehlenhoff at 2019-01-03T13:24:01Z
new libsixel issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory ...)
-       TODO: check
+       NOT-FOR-US: OpenRefine
 CVE-2019-3579
        RESERVED
 CVE-2019-3578
@@ -11,9 +11,13 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection 
vulnerability that
 CVE-2019-3575
        RESERVED
 CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in 
the ...)
-       TODO: check
+       - libsixel <unfixed> (low)
+       [stretch] - libsixel <no-dsa> (Minor issue)
+       NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function 
...)
-       TODO: check
+       - libsixel <unfixed> (low)
+       [stretch] - libsixel <no-dsa> (Minor issue)
+       NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based 
buffer ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/169
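Review bot: The two new libsixel entries, CVE-2019-3574 (heap-based buffer over-read) and CVE-2019-3573 (infinite loop), carry the identical NOTE URL, https://github.com/saitoha/libsixel/issues/83, so the tracker does not show which part of that upstream report belongs to which CVE. If issue 83 really covers both, an extra NOTE line per entry naming the affected function or reproducer would let a later upstream fix be matched to the right CVE. The two "- libsixel <unfixed> (low)" lines also record no Debian bug number; if a bug is filed for these, add the reference there.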
@@ -166,7 +170,7 @@ CVE-2018-20660
 CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom 
class in ...)
        NOT-FOR-US: Bento4
 CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms 
allows remote ...)
-       TODO: check
+       NOT-FOR-US: Core FTP
 CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU 
libiberty, as ...)
        - binutils <unfixed> (low)
        [stretch] - binutils <ignored> (Minor issue)
@@ -198,7 +202,7 @@ CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL 
Injection via the ...)
 CVE-2018-20653
        RESERVED
 CVE-2018-20652 (An attempted excessive memory allocation was discovered in the 
function ...)
-       TODO: check
+       NOT-FOR-US: tinyexr
 CVE-2018-20651 (A NULL pointer dereference was discovered in ...)
        - binutils <unfixed>
        [stretch] - binutils <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fd6a9217da77fe5be66f223f6030173be13774e

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits