[Git][security-tracker-team/security-tracker][master] new nginx issue
Moritz Muehlenhoff
jmm at debian.org
Fri Jan 10 11:03:30 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e9eef2b by Moritz Muehlenhoff at 2020-01-10T12:02:27+01:00
new nginx issue
start untangling the stb mess
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,11 @@ CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook
CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
- TODO: check
+ - nginx <unfixed> (low)
+ [buster] - nginx <no-dsa> (Minor issue)
+ [stretch] - nginx <no-dsa> (Minor issue)
+ NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
+ NOTE: https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
{DSA-4601-1}
- ldm <unfixed> (bug #948538)
@@ -311,19 +315,40 @@ CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_D
NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
NOTE: Crash in CLI tool, no security impact
CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/865
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/869
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/867
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/868
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/863
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/866
+ NOTE: Potentially affects mesa, libstb, embree, zynaddsubfx, qemu, godot, sumo, libtcod, box2d, goxel, mame, u-boot, retroarch, dart, zam-plugins, renderdoc
CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
- TODO: check
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/867
+ NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6616
RESERVED
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
@@ -6459,7 +6484,10 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/126
+ NOTE: Potentially affects catimg, yquake2, osgearth, renderdoc, goxel, ccextractor, zam-plugins, retroarch, libsfml, love, zynaddsubfx, gem, darknet, mame
CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
NOT-FOR-US: LuquidPixels LiquiFire OS
CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack ...)
@@ -7883,7 +7911,10 @@ CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/109
+ NOTE: Potentially affects catimg, mame, retroarch, yquake2, renderdoc, gem, goxel, libsfml, osgearth, darknet, ccextractor, love
CVE-2019-19776
RESERVED
CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to befor ...)
@@ -27711,6 +27742,7 @@ CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buf
- libstb <unfixed> (bug #934973)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/790
+ NOTE: Potentially also affects libsixel, mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
CVE-2019-15057
RESERVED
CVE-2019-15056
@@ -34444,30 +34476,37 @@ CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorb
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13222 (An out-of-bounds read of a global buffer in the draw_line function in ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13221 (A stack buffer overflow in the compute_codewords function in stb_vorbi ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13220 (Use of uninitialized stack variables in the start_decoder function in ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13219 (A NULL pointer dereference in the get_window function in stb_vorbis th ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13218 (Division by zero in the predict_point function in stb_vorbis through 2 ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13217 (A heap buffer overflow in the start_decoder function in stb_vorbis thr ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13216
RESERVED
CVE-2019-13215
@@ -67967,8 +68006,11 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
[buster] - libsixel 1.8.2-1+deb10u1
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
+ NOTE: Potentially affects darknet, gem, yquake2, osgearth, renderdoc, glfw3, utox, goxel, mame, libsfml
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
{DLA-1632-1}
- libsndfile 1.0.28-5 (bug #917416)
@@ -67989,8 +68031,11 @@ CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function:
[buster] - libsixel 1.8.2-1+deb10u1
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <not-affected> (The vulnerable code is not present)
+ - libstb <unfixed> (low)
+ [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/80
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
+ NOTE: Pontentially affects mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
- nasm <unfixed> (unimportant; bug #915087)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
@@ -78433,12 +78478,11 @@ CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and
CVE-2018-16982 (Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial ...)
NOT-FOR-US: Open Chinese Convert (OpenCC)
CVE-2018-16981 (stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...)
- - catimg <undetermined>
- libstb 0.0~git20190617.5.c72a95d-1
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/656
NOTE: https://github.com/nothings/stb/commit/50b1bfba583b12ceb23ef949567bdd914461e524
- TODO: further check, stb_image.h in older version is embedded in src:catimg
+ NOTE: Potentially affects libsixel, libsfml, love, mame, darknet, gem, ccextractor, zynaddsubfx, osgearth, goxel, yquake2, renderdoc, catimg, libstb, zam-plugins, retroarch
CVE-2018-16980 (dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/ ...)
NOT-FOR-US: dotCMS
CVE-2018-16979 (Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha ...)
@@ -106525,6 +106569,7 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnera
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Ove ...)
- libstb <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
+ NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2018-1000049 (Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote ...)
NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e9eef2be17e3d4de3d53fa8ae86d8886942d4cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e9eef2be17e3d4de3d53fa8ae86d8886942d4cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200110/4349be03/attachment.html>
More information about the debian-security-tracker-commits
mailing list