[Git][security-tracker-team/security-tracker][master] new npm/sixel issues

Moritz Muehlenhoff jmm at debian.org
Fri Dec 13 10:14:47 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6aa5cdc by Moritz Muehlenhoff at 2019-12-13T10:14:23Z
new npm/sixel issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,9 +9,15 @@ CVE-2019-19780
 CVE-2019-19779
 	RESERVED
 CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
-	TODO: check
+	- libsixel <unfixed>
+	[buster] - libsixel <no-dsa> (Minor issue)
+	[stretch] - libsixel <no-dsa> (Minor issue)
+	NOTE: https://github.com/saitoha/libsixel/issues/110
 CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
-	TODO: check
+	- libsixel <unfixed>
+	[buster] - libsixel <no-dsa> (Minor issue)
+	[stretch] - libsixel <no-dsa> (Minor issue)
+	NOTE: https://github.com/saitoha/libsixel/issues/109
 CVE-2019-19776
 	RESERVED
 CVE-2019-19775
@@ -14624,11 +14630,17 @@ CVE-2019-16779
 CVE-2019-16778
 	RESERVED
 CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
-	TODO: check
+	- npm <unfixed>
+	NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
+	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16776 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
-	TODO: check
+	- npm <unfixed>
+	NOTE: https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
+	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16775 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
-	TODO: check
+	- npm <unfixed>
+	NOTE: https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
+	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
 CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injection vul ...)
 	TODO: check
 CVE-2019-16773



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6aa5cdcb387c38683ee0fd1360ac140f1949b15

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c6aa5cdcb387c38683ee0fd1360ac140f1949b15
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191213/89fd0788/attachment.html>

More information about the debian-security-tracker-commits mailing list