Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b7e42592 by Salvatore Bonaccorso at 2022-03-11T20:35:31+01:00 Revert "CVE-2020-36123/libsixel <not-affected>" This reverts commit 328df32fa750eab663b5d810216c65b31a900ac3. Not reproducing is not directly a reason for beeing not-affected. Maybe the issue turns out it's invalid. If this can be confirmed asking MITRE to reject (or at least dispute) the CVE entry can be an option. Asked reporter of the issue about the reason: https://github.com/saitoha/libsixel/issues/144 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -80765,9 +80765,7 @@ CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affec CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...) NOT-FOR-US: Pax Technology PAXSTORE CVE-2020-36123 (saitoha libsixel v1.8.6 was discovered to contain a double free via th ...) - - libsixel <not-affected> (cannot reproduce) - NOTE: https://github.com/saitoha/libsixel/issues/144 - NOTE: upstream issue closed by submitter without upstream comment + TODO: check CVE-2020-36122 RESERVED CVE-2020-36121 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e4259227bbc77d301bdc1fe3430cbe6a6b7346 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e4259227bbc77d301bdc1fe3430cbe6a6b7346 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
