[Git][security-tracker-team/security-tracker][master] new libsixel issues
Moritz Muehlenhoff
jmm at debian.org
Thu Jan 3 13:24:38 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fd6a921 by Moritz Muehlenhoff at 2019-01-03T13:24:01Z
new libsixel issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
- TODO: check
+ NOT-FOR-US: OpenRefine
CVE-2019-3579
RESERVED
CVE-2019-3578
@@ -11,9 +11,13 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that
CVE-2019-3575
RESERVED
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
- TODO: check
+ - libsixel <unfixed> (low)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...)
- TODO: check
+ - libsixel <unfixed> (low)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/169
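Review bot: The added lines for CVE-2019-3574 and CVE-2019-3573 both point at the same NOTE URL, https://github.com/saitoha/libsixel/issues/83, although the two descriptions name different defects (a heap-based buffer over-read and an infinite loop). If that one upstream issue covers both reports, an extra NOTE line on each entry saying which part of the issue applies would let a later upstream fix be matched to the right CVE. If it does not, one of the two URLs needs correcting. Both entries are also triaged as (low) and <no-dsa> with only "Minor issue" as the reason, so a one-line NOTE recording why each was judged minor would help whoever revisits them when a fix lands.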
@@ -166,7 +170,7 @@ CVE-2018-20660
CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in ...)
NOT-FOR-US: Bento4
CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
- TODO: check
+ NOT-FOR-US: Core FTP
CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
@@ -198,7 +202,7 @@ CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL Injection via the ...)
CVE-2018-20653
RESERVED
CVE-2018-20652 (An attempted excessive memory allocation was discovered in the function ...)
- TODO: check
+ NOT-FOR-US: tinyexr
CVE-2018-20651 (A NULL pointer dereference was discovered in ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fd6a9217da77fe5be66f223f6030173be13774e