[Git][security-tracker-team/security-tracker][master] new libsixel issues

Moritz Muehlenhoff jmm at debian.org
Thu Jan 3 13:24:38 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fd6a921 by Moritz Muehlenhoff at 2019-01-03T13:24:01Z
new libsixel issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
-	TODO: check
+	NOT-FOR-US: OpenRefine
 CVE-2019-3579
 	RESERVED
 CVE-2019-3578
@@ -11,9 +11,13 @@ CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that
 CVE-2019-3575
 	RESERVED
 CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the ...)
-	TODO: check
+	- libsixel <unfixed> (low)
+	[stretch] - libsixel <no-dsa> (Minor issue)
+	NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function ...)
-	TODO: check
+	- libsixel <unfixed> (low)
+	[stretch] - libsixel <no-dsa> (Minor issue)
+	NOTE: https://github.com/saitoha/libsixel/issues/83
 CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/169
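Review bot: The NOTE lines added under CVE-2019-3574 and CVE-2019-3573 carry the same URL, https://github.com/saitoha/libsixel/issues/83, although the two descriptions cover different defects (a heap-based buffer over-read and an infinite loop). Please confirm that this one upstream issue reports both; if it reports only one, the other entry's NOTE should point at its own upstream report so the fix can be tracked per CVE once libsixel leaves <unfixed>.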
@@ -166,7 +170,7 @@ CVE-2018-20660
 CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in ...)
 	NOT-FOR-US: Bento4
 CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
-	TODO: check
+	NOT-FOR-US: Core FTP
 CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as ...)
 	- binutils <unfixed> (low)
 	[stretch] - binutils <ignored> (Minor issue)
@@ -198,7 +202,7 @@ CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL Injection via the ...)
 CVE-2018-20653
 	RESERVED
 CVE-2018-20652 (An attempted excessive memory allocation was discovered in the function ...)
-	TODO: check
+	NOT-FOR-US: tinyexr
 CVE-2018-20651 (A NULL pointer dereference was discovered in ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2fd6a9217da77fe5be66f223f6030173be13774e
