[Git][security-tracker-team/security-tracker][master] libsixel bug
Moritz Muehlenhoff
jmm at debian.org
Fri Jan 3 22:03:16 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9efcb4f7 by Moritz Muehlenhoff at 2020-01-03T23:02:51+01:00
libsixel bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -704,7 +704,7 @@ CVE-2019-20207
CVE-2019-20206
RESERVED
CVE-2019-20205 (libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame. ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/127
@@ -3356,7 +3356,7 @@ CVE-2019-20142
CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...)
NOT-FOR-US: Laborator Neon theme for WordPress
CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -3458,7 +3458,7 @@ CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc
CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -3548,7 +3548,7 @@ CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allo
CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...)
NOT-FOR-US: Proxyman for macOS
CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -3621,21 +3621,21 @@ CVE-2019-20026
CVE-2019-20025
RESERVED
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/121
NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b
CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/120
NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6
CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -4955,13 +4955,13 @@ CVE-2019-19780
CVE-2019-19779
RESERVED
CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/110
CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -7541,25 +7541,25 @@ CVE-2019-19640
CVE-2019-19639
RESERVED
CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/102
CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/105
CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/104
CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (low; #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9efcb4f74bd8ae85bebd96e43e6f62a73b2aed60
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9efcb4f74bd8ae85bebd96e43e6f62a73b2aed60
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200103/76207598/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list