Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
faf785b6 by Salvatore Bonaccorso at 2022-05-28T10:32:12+02:00
Add for now back a todo item for CVE-2021-4270{0,2,4}
As pointed out in the previous commit f134d659cbbe
("CVE-2021-42700,CVE-2021-42702,CVE-2021-42704/inkscape: add
reference")
by Sylvain, it's actually unclear which changes in libuemf do address
the assigned CVEs according to the done research by SuSE contributor in
contact with upstream.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41914,18 +41914,21 @@ CVE-2021-42704 (Inkscape version 0.19 is vulnerable
to an out-of-bounds write, w
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious
Javascrip ...)
NOT-FOR-US: Advantech
CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer,
which may a ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42701 (An attacker could prepare a specially crafted project file
that, if op ...)
NOT-FOR-US: AzeoTech
CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which
may allow ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating
possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42699 (The affected product is vulnerable to cookie information being
transmi ...)
NOT-FOR-US: AzeoTech
CVE-2021-42698 (Project files are stored memory objects in the form of binary
serializ ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf785b604f8239604e07e8a7e5d20e769c3a985
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf785b604f8239604e07e8a7e5d20e769c3a985
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
