[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for libcaca issues
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 30 15:50:05 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d00b1a9 by Salvatore Bonaccorso at 2018-12-30T15:47:00Z
Add Debian bug reference for libcaca issues
Tracking these in one single Debian BTS bug as the affected version is
across all suites present and upstream fixed those issues with a set of
commits.
Covering as well the unimportant issues which do not affect the binary
built itself (Debian binary packages built with the Imlib2 library) with
this tracking bug.
Expecting upstream (and the Debian maintainer) will just fix all those
issues together via unstable either cherry-picking the set of commits or
releasing a new upstream 0.99.beta20 version.
Further investigation pending if they warrant a DSA for stable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87,36 +87,36 @@ CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows
CVE-2018-20550
RESERVED
CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c (function ...)
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
NOTE: https://github.com/cacalabs/libcaca/issues/41
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
CVE-2018-20548 (There is an illegal WRITE memory access at common-image.c (function ...)
- - libcaca <unfixed> (unimportant)
+ - libcaca <unfixed> (unimportant; bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652625
NOTE: https://github.com/cacalabs/libcaca/issues/40
NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c (function ...)
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
NOTE: https://github.com/cacalabs/libcaca/issues/39
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c (function ...)
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
NOTE: https://github.com/cacalabs/libcaca/issues/38
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20545 (There is an illegal WRITE memory access at common-image.c (function ...)
- - libcaca <unfixed> (unimportant)
+ - libcaca <unfixed> (unimportant; bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652621
NOTE: https://github.com/cacalabs/libcaca/issues/37
NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20544 (There is floating point exception at caca/dither.c (function ...)
- - libcaca <unfixed>
+ - libcaca <unfixed> (bug #917807)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
NOTE: https://github.com/cacalabs/libcaca/issues/36
NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d00b1a91b9f391ba869f2d5cf5198bac26056cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d00b1a91b9f391ba869f2d5cf5198bac26056cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181230/7c6ce622/attachment.html>
More information about the debian-security-tracker-commits
mailing list