[Git][security-tracker-team/security-tracker][master] Add CVE-2020-35492/cairo
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 29 08:07:04 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74603d55 by Salvatore Bonaccorso at 2020-12-29T09:06:39+01:00
Add CVE-2020-35492/cairo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3329,8 +3329,12 @@ CVE-2020-35494
RESERVED
CVE-2020-35493
RESERVED
-CVE-2020-35492
+CVE-2020-35492 [cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes]
RESERVED
+ - cairo <unfixed>
+ NOTE: Likey introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/85/diffs?commit_id=03a820b173ed1fdef6ff14b4468f5dbc02ff59be
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1898396
CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74603d55c4ab47caffa185a0e818fe99e0d0d657
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74603d55c4ab47caffa185a0e818fe99e0d0d657
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201229/f124bb7f/attachment.html>
More information about the debian-security-tracker-commits
mailing list