[Git][security-tracker-team/security-tracker][master] new npm/sixel issues

Fri, 13 Dec 2019 02:15:14 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6aa5cdc by Moritz Muehlenhoff at 2019-12-13T10:14:23Z
new npm/sixel issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,9 +9,15 @@ CVE-2019-19780
 CVE-2019-19779
        RESERVED
 CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a 
heap-based buffe ...)
-       TODO: check
+       - libsixel <unfixed>
+       [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
+       NOTE: https://github.com/saitoha/libsixel/issues/110
 CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in 
libsixel and o ...)
-       TODO: check
+       - libsixel <unfixed>
+       [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
+       NOTE: https://github.com/saitoha/libsixel/issues/109
 CVE-2019-19776
        RESERVED
 CVE-2019-19775
@@ -14624,11 +14630,17 @@ CVE-2019-16779
 CVE-2019-16778
        RESERVED
 CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an 
Arbitrary ...)
-       TODO: check
+       - npm <unfixed>
+       NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
+       NOTE: 
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16776 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an 
Arbitrary ...)
-       TODO: check
+       - npm <unfixed>
+       NOTE: https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
+       NOTE: 
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16775 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an 
Arbitrary ...)
-       TODO: check
+       - npm <unfixed>
+       NOTE: https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
+       NOTE: 
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object 
injection vul ...)
        TODO: check
 CVE-2019-16773



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6aa5cdcb387c38683ee0fd1360ac140f1949b15

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6aa5cdcb387c38683ee0fd1360ac140f1949b15
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to