[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 27 22:27:38 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2df4ff1 by Moritz Muehlenhoff at 2019-02-27T22:27:10Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5276,6 +5276,8 @@ CVE-2019-6957
RESERVED
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
- faad2 <unfixed> (bug #914641)
+ [buster] - faad2 <no-dsa> (Minor issue)
+ [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/faac/bugs/240/
CVE-2019-6955
RESERVED
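Review bot: The unstable line for CVE-2019-6956, `- faad2 <unfixed> (bug #914641)`, carries no urgency even though the added `[buster]` and `[stretch]` lines classify the issue as "Minor issue", so the entry does not record what that judgement rests on. Consider giving the unfixed line an urgency, as the CVE-2018-20195 entry does with `(low)`, or adding a NOTE with the reasoning. The `[stretch]` line also goes beyond the "buster triage" subject, which is worth reflecting in the commit message.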
@@ -7008,9 +7010,10 @@ CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...)
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in ...)
- - svgpp <unfixed> (bug #919321)
+ - svgpp <unfixed> (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in correct way.
+ NOTE: No security impact, only used to build examples, see #921097
CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the ...)
- svgpp 1.2.3+dfsg1-5 (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
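Review bot: The added NOTE under CVE-2019-6247 reads "No security impact" without naming the package, while the matching note added under CVE-2019-6245 reads "No security impact on svgpp". Using the second wording in both places keeps the rationale unambiguous if another source package is later listed under this CVE.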
@@ -7018,11 +7021,12 @@ CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used
{DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
[stretch] - agg <no-dsa> (Minor issue)
- - svgpp <unfixed> (bug #919321)
+ - svgpp <unfixed> (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
NOTE: and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch
NOTE: in 2.5+dfsg1-3.
+ NOTE: No security impact on svgpp, only used to build examples, see #921097
CVE-2018-20703 (CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. ...)
NOT-FOR-US: CubeCart
CVE-2018-20702
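Review bot: The added NOTE for CVE-2019-6245 cites its rationale as a bare `#921097`, whereas the rest of the entry writes `bug #919321` or gives full URLs. Writing "see bug #921097" would make clear which tracker the number belongs to. The `unimportant` tag on the svgpp line applies only to svgpp, and the agg line keeps `(low; bug #919322)`, which is consistent with the note.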
@@ -14700,6 +14704,7 @@ CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of
NOTE: https://github.com/knik0/faad2/issues/19
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of ...)
- faad2 <unfixed> (low)
+ [buster] - faad2 <no-dsa> (Minor issue)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/25
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the ...)
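Review bot: Only CVE-2018-20195 receives a `[buster]` line in this hunk, and the neighbouring entries CVE-2018-20196 and CVE-2018-20194, described as a stack-based buffer overflow and underflow, are not touched by the visible lines. They need their own buster decision, since "Minor issue" for a NULL pointer dereference does not carry over to stack memory corruption by default.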
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2df4ff16e7561e49184e6e2f028e7c410f57001