[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust version for CVE-2018-11489/giflib

Mon, 05 Dec 2022 05:15:11 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9796f3a3 by Salvatore Bonaccorso at 2022-12-05T14:14:01+01:00
Adjust version for CVE-2018-11489/giflib

The patch did not land in 4.1.6-11 but was applied earlier to unstable
in 4.1.4-1.

- - - - -
91e19f58 by Salvatore Bonaccorso at 2022-12-05T14:14:02+01:00
Mark one non-cveified giflib issue as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -305201,7 +305201,7 @@ CVE-2018-11490 (The DGifDecompressLine function in 
dgif_lib.c in GIFLIB (possibl
        NOTE: 
https://sourceforge.net/p/giflib/code/ci/08438a5098f3bb1de23a29334af55eba663f75bd/
        NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from 
giflib.
 CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB 
(possibly vers ...)
-       - giflib 4.1.6-11 (bug #904113)
+       - giflib 4.1.4-1 (bug #904113)
        NOTE: https://github.com/pts/sam2p/issues/37
        NOTE: https://sourceforge.net/p/giflib/bugs/112/
        NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from 
giflib.
@@ -413548,10 +413548,7 @@ CVE-2015-8786 (The Management plugin in RabbitMQ 
before 3.6.1 allows remote auth
        [wheezy] - rabbitmq-server <not-affected> (lengths_age or lengths_incr 
parameters are not present)
        NOTE: https://github.com/rabbitmq/rabbitmq-management/issues/97
 CVE-2016-XXXX [out of bound read and write issues]
-       - giflib 5.1.4-0.1 (bug #820594)
-       [jessie] - giflib <no-dsa> (unimportant)
-       [wheezy] - giflib <no-dsa> (Minor issue)
-       [squeeze] - giflib <no-dsa> (Minor issue)
+       - giflib 5.1.4-0.1 (bug #820594; unimportant)
        NOTE: http://sourceforge.net/p/giflib/bugs/82/
        NOTE: CVE Request: 
https://www.openwall.com/lists/oss-security/2016/01/26/5
        NOTE: 
http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7488ea1dde5f369cd5f04a9bafb11cb453a35b...91e19f5866794bbead12dbe104a1a7fa1c5b5cdb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7488ea1dde5f369cd5f04a9bafb11cb453a35b...91e19f5866794bbead12dbe104a1a7fa1c5b5cdb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to