[Git][security-tracker-team/security-tracker][master] Add further notes for CVE-2018-13794
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 30 13:31:26 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da5e0880 by Salvatore Bonaccorso at 2018-09-30T12:31:01Z
Add further notes for CVE-2018-13794
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9646,6 +9646,8 @@ CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth.
CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in ...)
- catimg <unfixed> (bug #903711)
NOTE: https://github.com/posva/catimg/issues/34
+ NOTE: Upstream fixed the issue by updating the stb_image copy to v2.19.
+ NOTE: https://github.com/posva/catimg/pull/41
CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP ...)
NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13792
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da5e0880a93a67aab30b0794970a45a713211d26
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da5e0880a93a67aab30b0794970a45a713211d26
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180930/27bd3c8b/attachment.html>
More information about the debian-security-tracker-commits
mailing list