[Git][security-tracker-team/security-tracker][master] Update several libsixel entries triaged by maintainer
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 8 16:11:07 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68ea4e4f by Salvatore Bonaccorso at 2019-09-08T15:08:07Z
Update several libsixel entries triaged by maintainer
As reported by Sylvain Beucler after triage and further investigated by
Takatsugu Nokubi, those are the ones confirmed to affect unstable, buster
and stretch. Move thus state from undetermined to unfixed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41980,15 +41980,21 @@ CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version
CVE-2018-19764
REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: write_pn ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/82
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/81
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/78
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
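Review bot: CVE-2018-19762 is described as a heap-based buffer overflow in fromsixel.c, yet it receives the same `<no-dsa> (Minor issue)` wording as the over-read and illegal-address entries next to it (CVE-2018-19763, CVE-2018-19761). A heap overflow generally carries more risk than an over-read, so the entry should state why it is considered minor: please add a NOTE under CVE-2018-19762 that records the reasoning from the triage in bug #931311, so the no-dsa decision can be re-checked later without re-reading the whole bug log.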
@@ -41999,7 +42005,9 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...
NOTE: Issue caused by premature exit without cleanup on an error in the caller
NOTE: not in the library; Negligible security impact in itself and disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
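Review bot: the over-read for CVE-2018-19759 is reported in stb_image_write.h, which looks like an embedded copy of the stb single-header library rather than libsixel's own code, but the entry tracks only libsixel. If the triage found that the defect lies in how libsixel calls the writer, a NOTE saying so would make the scope explicit; if it lies in the header itself, other source packages carrying a copy of that file may need checking and their own lines here.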
@@ -42011,11 +42019,15 @@ CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_hea
NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
NOTE: when fixing this issue, the fix needs to be made complete to not open CVE-2019-3832
CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set_addit ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/79
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/80
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
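Review bot: the `[buster]` and `[stretch]` lines added under CVE-2018-19757 and CVE-2018-19756 record a no-dsa decision, but the commit message only mentions moving the state from undetermined to unfixed. The no-dsa classification is a separate judgement from confirming that the releases are affected, so it should be mentioned in the commit message or done in its own commit, and "(Minor issue)" would be easier to audit with a short NOTE giving the basis, for instance that CVE-2018-19757 is a NULL pointer dereference.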
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/68ea4e4fbd8f219ce43f4b3d62d7c999cbd45752