[Git][security-tracker-team/security-tracker][master] Five yaml-cpp issues fixed with unstable upload of new upstream version

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bd84aae by Salvatore Bonaccorso at 2020-04-30T05:44:28+02:00
Five yaml-cpp issues fixed with unstable upload of new upstream version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70639,7 +70639,7 @@ CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::P
 	[stretch] - libsass <no-dsa> (Minor issue)
 	NOTE: https://github.com/sass/libsass/issues/2815
 CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibY ...)
-	- yaml-cpp <unfixed> (low; bug #919432)
+	- yaml-cpp 0.6.3-1 (low; bug #919432)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
@@ -77712,7 +77712,7 @@ CVE-2018-20576 (Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe
 CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented /system_firmwar ...)
 	NOT-FOR-US: Orange Livebox 00.96.320S devices
 CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C ...)
-	- yaml-cpp <unfixed> (low; bug #918145)
+	- yaml-cpp 0.6.3-1 (low; bug #918145)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <postponed> (Minor issue)
@@ -77721,7 +77721,7 @@ CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka Lib
 	[jessie] - yaml-cpp0.3 <postponed> (Minor issue)
 	NOTE: https://github.com/jbeder/yaml-cpp/issues/654
 CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++ ...)
-	- yaml-cpp <unfixed> (low; bug #918147)
+	- yaml-cpp 0.6.3-1 (low; bug #918147)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <postponed> (Minor issue)
@@ -159191,7 +159191,7 @@ CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentia
 CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials tha ...)
 	NOT-FOR-US: MEDHOST Document Management System
 CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5 ...)
-	- yaml-cpp <unfixed> (low; bug #870326)
+	- yaml-cpp 0.6.3-1 (low; bug #870326)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)
@@ -177173,7 +177173,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
 	NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
 CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
-	- yaml-cpp <unfixed> (low; bug #859891)
+	- yaml-cpp 0.6.3-1 (low; bug #859891)
 	[buster] - yaml-cpp <no-dsa> (Minor issue)
 	[stretch] - yaml-cpp <no-dsa> (Minor issue)
 	[jessie] - yaml-cpp <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd84aae9d546bc6e11ba5f75f8ebf49b64e2bab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd84aae9d546bc6e11ba5f75f8ebf49b64e2bab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200430/b347c8c5/attachment.html>