Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
134f28bb by Neil Williams at 2021-09-03T14:53:54+01:00
CVE-2020-28600/openscad - fixed in bullseye, not in buster.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57164,9 +57164,12 @@ CVE-2020-28601 (A code execution vulnerability exists
in the Nef polygon-parsing
[buster] - cgal <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
CVE-2020-28600 (An out-of-bounds write vulnerability exists in the
import_stl.cc:impor ...)
- - openscad <undetermined>
+ - openscad 2021.01-1
+ [buster] - openscad <unfixed>
+ [stretch] - openscad <not-affected> (Vulnerable code introduced later)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224
- TODO: cheick, maybe fixed already in 2021.01-1
+ NOTE: introduced at
https://github.com/openscad/openscad/commit/25ec72ce0770115ad62c17fe10ee7464ac256391
+ NOTE: vulnerable code removed at
https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the
import_stl.c ...)
- openscad 2021.01-1
[buster] - openscad <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/134f28bb85cc6e7831b614a93a8f32c2150dd38f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/134f28bb85cc6e7831b614a93a8f32c2150dd38f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
