Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
537e9a86 by Moritz Muehlenhoff at 2020-01-21T23:13:02+01:00
first steps at libstb triage
- - - - -
2 changed files:
- data/CVE/list
- data/embedded-code-copies
Changes:
=====================================
data/CVE/list
=====================================
@@ -69795,11 +69795,9 @@ CVE-2018-19759 (There is a heap-based buffer over-read
at stb_image_write.h (fun
[buster] - libsixel 1.8.2-1+deb10u1
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
- - libstb <unfixed> (low)
- [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
- NOTE: Potentially affects darknet, gem, yquake2, osgearth, renderdoc,
glfw3, utox, goxel, mame, libsfml
+ NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in
wav_write_header in ...)
{DLA-1632-1}
- libsndfile 1.0.28-5 (bug #917416)
=====================================
data/embedded-code-copies
=====================================
@@ -3461,3 +3461,6 @@ ezxml (not packaged)
- navit <unfixed> (embed)
- netcdf <unfixed> (embed)
- netcdf-parallel <unfixed> (embed)
+
+libstb
+ - goxel <unfixed> (embed; bug #949552)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/537e9a86d320196c71fc1c83d3a36ebbbc793f5e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/537e9a86d320196c71fc1c83d3a36ebbbc793f5e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
