[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 12 08:35:18 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb2a4a47 by Moritz Mühlenhoff at 2021-08-12T09:34:03+02:00
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70767,48 +70767,53 @@ CVE-2020-21686
 CVE-2020-21685
 	RESERVED
 CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/75/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/77/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/ (3.2.8)
-	TODO: check
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/72/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/73/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/74/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8)
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8)
-	TODO: check
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21679
 	RESERVED
 CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
-	- fig2dev 1:3.2.8-1
+	- fig2dev 1:3.2.8-1 (unimportant)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/71/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
-	TODO: check
+	NOTE: Crash in CLI tool, no security impact
 CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
 	- libsixel 1.8.6-1
+	[buster] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/123
 	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
 CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
 	- fig2dev 1:3.2.8-1
+	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/76/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb2a4a474deb719d2997e94436409dacd3c15d85

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb2a4a474deb719d2997e94436409dacd3c15d85
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/3fe18733/attachment.htm>

More information about the debian-security-tracker-commits mailing list