[Git][security-tracker-team/security-tracker][master] Mark leptonlib issues as no-dsa as they are simple crashes (can be fixed via point release)
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 22 19:05:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4905406 by Salvatore Bonaccorso at 2021-04-22T20:05:01+02:00
Mark leptonlib issues as no-dsa as they are simple crashes (can be fixed via point release)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7535,26 +7535,31 @@ CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 i
CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
{DLA-2612-1}
- leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
- leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
[stretch] - leptonlib <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
{DLA-2612-1}
- leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
{DLA-2612-1}
- leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
{DLA-2612-1}
- leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
NOTE: https://github.com/DanBloomberg/leptonica/pull/499
CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
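Review bot: The five added `[buster] - leptonlib <no-dsa> (Minor issue)` lines do not carry the rationale given in the commit message, so someone reading data/CVE/list alone cannot tell why these were triaged as minor. Four of the entries (CVE-2020-36278 through CVE-2020-36281) are described as heap-based buffer over-reads, and only CVE-2020-36277 as an application crash, so "simple crashes" is a judgement worth recording next to each entry. Consider putting the reason in the annotation itself, for example `[buster] - leptonlib <no-dsa> (Minor issue; can be fixed via point release)`.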
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4905406db74a745fb76803650e0e60a23f93105