[Git][security-tracker-team/security-tracker][master] sixel, tinymce bugs

Wed, 21 Oct 2020 11:02:58 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e42be8ef by Moritz Mühlenhoff at 2020-10-21T20:02:12+02:00
sixel, tinymce bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20849,7 +20849,7 @@ CVE-2020-17482 (An issue has been found in PowerDNS 
Authoritative Server before
 CVE-2020-17481
        RESERVED
 CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the 
core parse ...)
-       - tinymce <unfixed>
+       - tinymce <unfixed> (bug #972642)
        [buster] - tinymce <no-dsa> (Minor issue)
        [stretch] - tinymce <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
@@ -33047,7 +33047,7 @@ CVE-2020-12650
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c 
directory tr ...)
        NOT-FOR-US: Gurbalib
 CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 
and earlie ...)
-       - tinymce <unfixed>
+       - tinymce <unfixed> (bug #972642)
        [buster] - tinymce <no-dsa> (Minor issue)
        [stretch] - tinymce <not-affected> (Vulnerable code not present and not 
reproducible)
        NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
@@ -36355,7 +36355,7 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or 
crawl) before 0.25 allows
        NOTE: 
https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
        NOTE: 
https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an 
uninitiali ...)
-       - libsixel <unfixed> (low)
+       - libsixel <unfixed> (low; bug #972641)
        [buster] - libsixel <no-dsa> (Minor issue)
        [stretch] - libsixel <no-dsa> (Minor issue)
        [jessie] - libsixel <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42be8ef4cbf46ce2f5674cfa2b90d324598cecf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42be8ef4cbf46ce2f5674cfa2b90d324598cecf
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to