Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04e89d8c by Moritz Muehlenhoff at 2019-09-09T08:32:51Z
libsixel fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35066,13 +35066,13 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL
Injection vulnerability that
CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute
arbitrary pytho ...)
NOT-FOR-US: Sqla_yaml_fixtures
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in
the func ...)
- - libsixel <unfixed> (low; bug #922460)
+ - libsixel 1.8.2-2 (low; bug #922460)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function
sixel_de ...)
- - libsixel <unfixed> (low; bug #922460)
+ - libsixel 1.8.2-2 (low; bug #922460)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <postponed> (Minor issue)
@@ -42158,19 +42158,19 @@ CVE-2018-19765 (Cross Site Scripting exists in
InfoVista VistaPortal SE Version
CVE-2018-19764
REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function:
write_pn ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/82
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c
(function: image_ ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/81
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function:
sixel_dec ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/78
@@ -42183,7 +42183,7 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse
3.2.2 has a memory leak. ...
NOTE: Issue caused by premature exit without cleanup on an error in the
caller
NOTE: not in the library; Negligible security impact in itself and
disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h
(function: ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
@@ -42197,13 +42197,13 @@ CVE-2018-19758 (There is a heap-based buffer
over-read at wav.c in wav_write_hea
NOTE:
https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
NOTE: when fixing this issue, the fix needs to be made complete to not
open CVE-2019-3832
CVE-2018-19757 (There is a NULL pointer dereference at function
sixel_helper_set_addit ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/79
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h
(function: stbi_ ...)
- - libsixel <unfixed> (bug #931311)
+ - libsixel 1.8.2-2 (bug #931311)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/80
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/04e89d8c73c5a96ffa0454f5d0d139c194373779
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/04e89d8c73c5a96ffa0454f5d0d139c194373779
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
