[Git][security-tracker-team/security-tracker][master] sixel, tinymce bugs

Moritz Muehlenhoff jmm at debian.org
Wed Oct 21 19:02:31 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e42be8ef by Moritz Mühlenhoff at 2020-10-21T20:02:12+02:00
sixel, tinymce bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20849,7 +20849,7 @@ CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before
 CVE-2020-17481
 	RESERVED
 CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
-	- tinymce <unfixed>
+	- tinymce <unfixed> (bug #972642)
 	[buster] - tinymce <no-dsa> (Minor issue)
 	[stretch] - tinymce <no-dsa> (Minor issue)
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
@@ -33047,7 +33047,7 @@ CVE-2020-12650
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
 	NOT-FOR-US: Gurbalib
 CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
-	- tinymce <unfixed>
+	- tinymce <unfixed> (bug #972642)
 	[buster] - tinymce <no-dsa> (Minor issue)
 	[stretch] - tinymce <not-affected> (Vulnerable code not present and not reproducible)
 	NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
@@ -36355,7 +36355,7 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows
 	NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
 	NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
-	- libsixel <unfixed> (low)
+	- libsixel <unfixed> (low; bug #972641)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42be8ef4cbf46ce2f5674cfa2b90d324598cecf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42be8ef4cbf46ce2f5674cfa2b90d324598cecf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201021/c638b75c/attachment.html>

More information about the debian-security-tracker-commits mailing list