Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eab6c33b by Salvatore Bonaccorso at 2022-12-03T09:33:22+01:00
Mark CVE-2020-23922 as unimportant
Not clear reproducible, but impact is negligible. Err rather on the safe
side, but mark it unimportant as it only affects gif2rgb crashing.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -165956,11 +165956,9 @@ CVE-2020-23924
CVE-2020-23923
RESERVED
CVE-2020-23922 (An issue was discovered in giflib through 5.1.4.
DumpScreen2RGB in gif ...)
- - giflib <unfixed> (bug #988151)
- [bullseye] - giflib <no-dsa> (Minor issue)
- [buster] - giflib <no-dsa> (Minor issue)
- [stretch] - giflib <no-dsa> (Minor issue)
+ - giflib <unfixed> (unimportant; bug #988151)
NOTE: https://sourceforge.net/p/giflib/bugs/151/
+ NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex()
in asn_c ...)
NOT-FOR-US: fast_ber
CVE-2020-23920
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
