[Git][security-tracker-team/security-tracker][master] adplug bugs

Moritz Muehlenhoff jmm at debian.org
Thu Oct 31 23:11:59 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78d8a2d5 by Moritz Muehlenhoff at 2019-10-31T23:08:55Z
adplug bugs
unoconv no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4151,7 +4151,9 @@ CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer ov
 	[stretch] - liblnk <no-dsa> (Minor issue)
 	NOTE: https://github.com/libyal/liblnk/issues/40
 CVE-2019-17400 (The unoconv package before 0.9 mishandles untrusted pathnames, leading ...)
-	- unoconv 0.7-2 (bug #943561)
+	- unoconv 0.7-2 (low; bug #943561)
+	[buster] - unoconv <no-dsa> (Minor issue)
+	[stretch] - unoconv <no-dsa> (Minor issue)
 	[jessie] - unoconv <no-dsa> (Minor issue)
 	NOTE: https://github.com/unoconv/unoconv/pull/510
 CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
@@ -11764,19 +11766,19 @@ CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cm
 CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
 	NOT-FOR-US: Zoho ManageEngine AssetExplorer
 CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
-	- adplug <unfixed>
+	- adplug <unfixed> (bug #943927)
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/87
 CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
-	- adplug <unfixed>
+	- adplug <unfixed> (bug #943928)
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)
 	NOTE: https://github.com/adplug/adplug/issues/86
 CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
-	- adplug <unfixed>
+	- adplug <unfixed> (bug #943928)
 	[buster] - adplug <no-dsa> (Minor issue)
 	[stretch] - adplug <no-dsa> (Minor issue)
 	[jessie] - adplug <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78d8a2d5ec7ff4eb4f30a3db84f0a1c0889f27e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78d8a2d5ec7ff4eb4f30a3db84f0a1c0889f27e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191031/06715926/attachment.html>

More information about the debian-security-tracker-commits mailing list