[Git][security-tracker-team/security-tracker][master] Add information for CVE-2019-1010006/evince
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 15 20:36:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6445b083 by Salvatore Bonaccorso at 2019-07-15T19:34:04Z
Add information for CVE-2019-1010006/evince
The issue was fixed in evince via e6ed0d4 ("Remove unused configure
check for cairo_format_stride_for_width") and e02fe91 ("Fix overflow
checks in tiff backend").
Cf. https://bugzilla.gnome.org/show_bug.cgi?id=788980#c7 .
Those are included in upstream version 3.27.91 and first included in
Debian unstable as per the 3.27.92-1 upload.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10230,8 +10230,10 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross
CVE-2019-1010007
RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
- - evince <unfixed>
+ - evince 3.27.92-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
+ NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91)
+ NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 (3.27.91)
TODO: track down in depth, whether in Evince or libtiff and if fixed
CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...)
NOT-FOR-US: HexoEditor
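Review bot: the unchanged context line "TODO: track down in depth, whether in Evince or libtiff and if fixed" now contradicts the entry directly above it, which this hunk changes from "evince <unfixed>" to "evince 3.27.92-1" and annotates with two upstream fix commits. If the analysis is complete, drop the TODO in the same commit. If the libtiff question is still open, narrow the TODO to that point so the entry does not read as both fixed and unresolved. It would also help to say in the NOTE lines which of the two commits carries the actual overflow fix, since the commit message describes e6ed0d4 as removing an unused configure check and e02fe91 as fixing the overflow checks in the tiff backend.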
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6445b08321c52f747a5d12ec8c8c78449ecffd31