[Git][security-tracker-team/security-tracker][master] libsixel: reference BTS
Sylvain Beucler
beuc at debian.org
Mon Jul 1 15:05:51 BST 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da458b8b by Sylvain Beucler at 2019-07-01T14:03:19Z
libsixel: reference BTS
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31214,15 +31214,15 @@ CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version
CVE-2018-19764
REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: write_pn ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/82
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/81
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/78
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
@@ -31233,7 +31233,7 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...
NOTE: Issue caused by premature exit without cleanup on an error in the caller
NOTE: not in the library; Negligible security impact in itself and disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
@@ -31245,11 +31245,11 @@ CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_hea
NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
NOTE: when fixing this issue, the fix needs to be made complete to not open CVE-2019-3832
CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set_addit ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/79
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...)
- - libsixel <undetermined>
+ - libsixel <undetermined> (bug #931311)
NOTE: https://github.com/saitoha/libsixel/issues/80
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da458b8b31eb70d3cc0b7e342ac7bef020255751
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da458b8b31eb70d3cc0b7e342ac7bef020255751
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190701/3d165dfc/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list