[Git][security-tracker-team/security-tracker][master] Revert "Mark jessie as not-affected for some CVE of transfig"

Sun, 19 Jan 2020 21:46:47 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f376512 by Salvatore Bonaccorso at 2020-01-20T06:45:11+01:00
Revert "Mark jessie as not-affected for some CVE of transfig"

Unreproducible does nto mean that an issue does not affect the package.

This reverts commit f5d6f0385e6b888a066574bc5564c09776d0f8b2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8866,7 +8866,7 @@ CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 
3.2.7b has an out-of-bou
        [buster] - fig2dev <no-dsa> (Minor issue)
        [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
-       [jessie] - transfig <not-affected> (Unreproducible)
+       [jessie] - transfig <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/mcj/tickets/67/
 CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a 
use-after- ...)
        - linux 5.3.15-1
@@ -10013,7 +10013,6 @@ CVE-2019-19747 (NeuVector 3.1 when configured to allow 
authentication via Active
 CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a 
segmentation fau ...)
        - fig2dev 1:3.2.7b-3 (unimportant; bug #946628)
        - transfig <removed> (unimportant)
-       [jessie] - transfig <not-affected> (Unreproducible)
        NOTE: https://sourceforge.net/p/mcj/tickets/57/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
 CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A 
back end u ...)
@@ -12838,7 +12837,6 @@ CVE-2019-19556
 CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a 
stack-based buf ...)
        - fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
        - transfig <removed> (unimportant)
-       [jessie] - transfig <not-affected> (Unreproducible)
        NOTE: https://sourceforge.net/p/mcj/tickets/55/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
        NOTE: Crash in CLI tool, negligible security impact



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f37651249b2e34c834e4c2e9ff2edb659815116

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f37651249b2e34c834e4c2e9ff2edb659815116
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to