[Git][security-tracker-team/security-tracker][master] Triage open CVE for libsixel/Jessie.

Markus Koschany apo at debian.org
Mon Sep 16 13:45:33 BST 2019



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
480184ed by Markus Koschany at 2019-09-16T12:44:58Z
Triage open CVE for libsixel/Jessie.

Most issues do not affect Jessie because the vulnerable code does not exist or
only exist when the fsanitize flag is used.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42818,18 +42818,21 @@ CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: wr
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
 	NOTE: https://github.com/saitoha/libsixel/issues/82
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
 CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...)
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
 	NOTE: https://github.com/saitoha/libsixel/issues/81
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
 CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...)
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/78
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
 CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
@@ -42843,6 +42846,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/77
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
@@ -42857,12 +42861,14 @@ CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/79
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
 CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...)
 	- libsixel 1.8.2-2 (bug #931311)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
+	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
 	NOTE: https://github.com/saitoha/libsixel/issues/80
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
 CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/480184edc1fbeff50a51879b247bddd2bb2594a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/480184edc1fbeff50a51879b247bddd2bb2594a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190916/086fb79d/attachment.html>


More information about the debian-security-tracker-commits mailing list