[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-13794/catimg
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 28 08:55:21 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
591b73f5 by Salvatore Bonaccorso at 2018-11-28T08:54:49Z
Add fixed version for CVE-2018-13794/catimg
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17540,7 +17540,7 @@ CVE-2018-13797 (The macaddress module before 0.2.9 for Node.js is prone to an ar
CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth. ...)
NOT-FOR-US: Gravity
CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in ...)
- - catimg <unfixed> (bug #903711)
+ - catimg 2.5.0-1 (bug #903711)
NOTE: https://github.com/posva/catimg/issues/34
NOTE: Upstream fixed the issue by updating the stb_image copy to v2.19.
NOTE: https://github.com/posva/catimg/pull/41
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/591b73f5869bbb2bf5757a95268a2a876e6f6d06
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/591b73f5869bbb2bf5757a95268a2a876e6f6d06
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181128/2c76a278/attachment.html>
More information about the debian-security-tracker-commits
mailing list