[Git][security-tracker-team/security-tracker][master] Two potrace issues fixed in unstable
Salvatore Bonaccorso
carnil at debian.org
Sat May 19 17:27:39 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33a0a1d1 by Salvatore Bonaccorso at 2018-05-19T18:27:22+02:00
Two potrace issues fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46375,7 +46375,7 @@ CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .N
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
- - potrace <unfixed> (unimportant; bug #870356)
+ - potrace 1.15-1 (unimportant; bug #870356)
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
NOTE: Crash only in CLI tool mkbitmap, negligible security impact
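Review bot: the `- potrace 1.15-1 (unimportant; bug #870356)` line for CVE-2017-12067 records a fixed version, but the NOTE lines under it cite only the reproducer and the upstream bug report, and nothing shows that 1.15 contains the fix. Consider adding a NOTE that points to the upstream change or changelog entry resolving https://sourceforge.net/p/potrace/bugs/22/, so the version can be verified later. The `unimportant` tag stays consistent with the existing "Crash only in CLI tool mkbitmap" note.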
@@ -61383,7 +61383,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function
NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
NOTE: in fz_subsample_pixmap.
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
- - potrace <unfixed> (bug #858763)
+ - potrace 1.15-1 (bug #858763)
[stretch] - potrace <no-dsa> (Minor issue)
[jessie] - potrace <no-dsa> (Minor issue)
[wheezy] - potrace <no-dsa> (Minor issue)
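Review bot: on the `- potrace 1.15-1 (bug #858763)` line for CVE-2017-7263, the fixed version is recorded, but the visible context has no NOTE naming the upstream change to bm_readbody_bmp in bitmap_io.c. Because stretch, jessie and wheezy remain at `<no-dsa> (Minor issue)`, a NOTE referencing the fixing change would help anyone who later prepares an update for those releases and would document why 1.15-1 is the right version.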
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a0a1d1dd92a736554a8146f4f535454feb84e8