[Git][security-tracker-team/security-tracker][master] Checking remaining libsixel issues, all fixed upstream in v1.8.3 and 1.8.4

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7db6b1e by Salvatore Bonaccorso at 2020-03-05T10:13:51+01:00
Checking remaining libsixel issues, all fixed upstream in v1.8.3 and 1.8.4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15689,13 +15689,13 @@ CVE-2019-19780
 CVE-2019-19779
 	RESERVED
 CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/110
 CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
@@ -18365,25 +18365,25 @@ CVE-2019-19640
 CVE-2019-19639
 	RESERVED
 CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/102
 CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/105
 CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/104
 CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
-	- libsixel <unfixed> (low; bug #948103)
+	- libsixel 1.8.6-1 (low; bug #948103)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
@@ -49357,7 +49357,7 @@ CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no esca
 	[stretch] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/issues/2581
 CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
-	- libsixel <unfixed> (unimportant)
+	- libsixel 1.8.6-1 (unimportant)
 	NOTE: https://github.com/saitoha/libsixel/issues/85
 	NOTE: Negligible security impact
 CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7db6b1e9939c73579ee172984b7e4824ee59993

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7db6b1e9939c73579ee172984b7e4824ee59993
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200305/c9ebbba1/attachment.html>