[Git][security-tracker-team/security-tracker][master] Initial batch of libsixel fixes
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 5 08:03:56 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e927144 by Moritz Muehlenhoff at 2020-03-05T09:03:33+01:00
Initial batch of libsixel fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11160,11 +11160,12 @@ CVE-2019-20207
CVE-2019-20206
RESERVED
CVE-2019-20205 (libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame. ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/127
+ NOTE: https://github.com/saitoha/libsixel/commit/bb65fce3bbecdd325ecb86d78132c3554907af87
CVE-2019-20204 (The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by ...)
NOT-FOR-US: Postie plugin for WordPress
CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for WordP ...)
@@ -13848,11 +13849,12 @@ CVE-2019-20142 (An issue was discovered in GitLab Community Edition (CE) and Ent
CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...)
NOT-FOR-US: Laborator Neon theme for WordPress
CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/122
+ NOTE: https://github.com/saitoha/libsixel/commit/598c8c88c97fd2eb5f6f5d1324fc325e66317f0c
CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...)
NOT-FOR-US: Nagios XI
CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...)
@@ -13953,11 +13955,12 @@ CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc
CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/125
+ NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
- libpodofo <unfixed>
[buster] - libpodofo <no-dsa> (Minor issue)
@@ -14045,13 +14048,14 @@ CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allo
CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...)
NOT-FOR-US: Proxyman for macOS
CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
- libstb <unfixed> (low)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
+ NOTE: libsixel patch: https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
NOTE: libstb PR: https://github.com/nothings/stb/issues/886
CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
NOT-FOR-US: LuquidPixels LiquiFire OS
@@ -14130,21 +14134,21 @@ CVE-2019-20026
CVE-2019-20025
RESERVED
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/121
NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b
CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/120
NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6
CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...)
- - libsixel <unfixed> (low; bug #948103)
+ - libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e92714442acc27a6a2f9e609c7b3758ad5be2b8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e92714442acc27a6a2f9e609c7b3758ad5be2b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200305/42866dec/attachment.html>
More information about the debian-security-tracker-commits
mailing list