Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6445b083 by Salvatore Bonaccorso at 2019-07-15T19:34:04Z Add information for CVE-2019-1010006/evince The issue was fixed in evince via e6ed0d4 ("Remove unused configure check for cairo_format_stride_for_width") and e02fe91 ("Fix overflow checks in tiff backend"). Cf. https://bugzilla.gnome.org/show_bug.cgi?id=788980#c7 . Those are included in upstream version 3.27.91 and first included in Debian unstable as per the 3.27.92-1 upload. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10230,8 +10230,10 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross CVE-2019-1010007 RESERVED CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...) - - evince <unfixed> + - evince 3.27.92-1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980 + NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91) + NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 (3.27.91) TODO: track down in depth, whether in Evince or libtiff and if fixed CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...) NOT-FOR-US: HexoEditor View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6445b08321c52f747a5d12ec8c8c78449ecffd31 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6445b08321c52f747a5d12ec8c8c78449ecffd31 You're receiving this email because of your account on salsa.debian.org.
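Review bot: The unchanged context line "TODO: track down in depth, whether in Evince or libtiff and if fixed", directly after the added NOTE lines for CVE-2019-1010006, now contradicts the rest of the entry. The entry records evince as fixed in 3.27.92-1 and names both upstream fix commits, and the commit message attributes the fix to evince. Suggest dropping the TODO in this same change. If something is still open, such as whether libtiff is also involved, reword the TODO to name only that remaining question, so the entry does not keep showing up as needing triage.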
