[Git][security-tracker-team/security-tracker][master] libsixel: additional info and triage

Mon Jul 1 14:01:16 BST 2019


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f880de9 by Sylvain Beucler at 2019-07-01T12:58:44Z
libsixel: additional info and triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31217,10 +31217,16 @@ CVE-2018-19764
 	REJECTED
 CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: write_pn ...)
 	- libsixel <undetermined>
+	NOTE: https://github.com/saitoha/libsixel/issues/82
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
 CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...)
 	- libsixel <undetermined>
+	NOTE: https://github.com/saitoha/libsixel/issues/81
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
 CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...)
 	- libsixel <undetermined>
+	NOTE: https://github.com/saitoha/libsixel/issues/78
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
 CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
 	- confuse <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649152
@@ -31231,6 +31237,7 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...
 CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
 	- libsixel <undetermined>
 	NOTE: https://github.com/saitoha/libsixel/issues/77
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
 	{DLA-1632-1}
 	- libsndfile 1.0.28-5 (bug #917416)
@@ -31241,8 +31248,12 @@ CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_hea
 	NOTE: when fixing this issue, the fix needs to be made complete to not open CVE-2019-3832
 CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set_addit ...)
 	- libsixel <undetermined>
+	NOTE: https://github.com/saitoha/libsixel/issues/79
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
 CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...)
-	TODO: check
+	- libsixel <undetermined>
+	NOTE: https://github.com/saitoha/libsixel/issues/80
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
 CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
 	- nasm <unfixed> (unimportant; bug #915087)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f880de9cc9a5371ed588e0c386139ec123e4a91

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9f880de9cc9a5371ed588e0c386139ec123e4a91
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190701/11392330/attachment-0001.html>
