[Git][security-tracker-team/security-tracker][master] Two potrace issues fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Sat May 19 17:27:39 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33a0a1d1 by Salvatore Bonaccorso at 2018-05-19T18:27:22+02:00
Two potrace issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46375,7 +46375,7 @@ CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .N
 CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
-	- potrace <unfixed> (unimportant; bug #870356)
+	- potrace 1.15-1 (unimportant; bug #870356)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
 	NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
 	NOTE: Crash only in CLI tool mkbitmap, negligible security impact
@@ -61383,7 +61383,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function 
 	NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
 	NOTE: in fz_subsample_pixmap.
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
-	- potrace <unfixed> (bug #858763)
+	- potrace 1.15-1 (bug #858763)
 	[stretch] - potrace <no-dsa> (Minor issue)
 	[jessie] - potrace <no-dsa> (Minor issue)
 	[wheezy] - potrace <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a0a1d1dd92a736554a8146f4f535454feb84e8

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33a0a1d1dd92a736554a8146f4f535454feb84e8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180519/f6fe638b/attachment.html>

More information about the debian-security-tracker-commits mailing list