[Git][security-tracker-team/security-tracker][master] Revert "Mark jessie as not-affected for some CVE of transfig"
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 20 05:45:41 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f376512 by Salvatore Bonaccorso at 2020-01-20T06:45:11+01:00
Revert "Mark jessie as not-affected for some CVE of transfig"
Unreproducible does nto mean that an issue does not affect the package.
This reverts commit f5d6f0385e6b888a066574bc5564c09776d0f8b2.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8866,7 +8866,7 @@ CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bou
[buster] - fig2dev <no-dsa> (Minor issue)
[stretch] - fig2dev <no-dsa> (Minor issue)
- transfig <removed>
- [jessie] - transfig <not-affected> (Unreproducible)
+ [jessie] - transfig <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/67/
CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after- ...)
- linux 5.3.15-1
@@ -10013,7 +10013,6 @@ CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via Active
CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...)
- fig2dev 1:3.2.7b-3 (unimportant; bug #946628)
- transfig <removed> (unimportant)
- [jessie] - transfig <not-affected> (Unreproducible)
NOTE: https://sourceforge.net/p/mcj/tickets/57/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end u ...)
@@ -12838,7 +12837,6 @@ CVE-2019-19556
CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
- transfig <removed> (unimportant)
- [jessie] - transfig <not-affected> (Unreproducible)
NOTE: https://sourceforge.net/p/mcj/tickets/55/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
NOTE: Crash in CLI tool, negligible security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f37651249b2e34c834e4c2e9ff2edb659815116
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f37651249b2e34c834e4c2e9ff2edb659815116
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200120/7265f0a9/attachment.html>
More information about the debian-security-tracker-commits
mailing list