[Git][security-tracker-team/security-tracker][master] Add todo item for CVE-2021-39247/zint
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 18 20:42:25 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f31119b by Salvatore Bonaccorso at 2021-08-18T21:41:00+02:00
Add todo item for CVE-2021-39247/zint
Upstream 6274140c73aa ("CODEONE: various fixes, ECI support; #209")
refactored the code, which introduces is_last_single_ascii() containging
the wrong check. But I have not yet verified that the mis-comparisions
is not present pre-refactoring.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,6 +57,7 @@ CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-
[bullseye] - zint <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
NOTE: https://sourceforge.net/p/zint/tickets/232/
+ TODO: check, supsect the issue has only been introduced upstream with 6274140c73aa39c42271644ef8c9b4551ca06fc2 (but need confirmation)
CVE-2021-39246
RESERVED
CVE-2021-3716
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f31119bbc8bbf47d8d645196d1fb9d2e3b0cc19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f31119bbc8bbf47d8d645196d1fb9d2e3b0cc19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210818/c8be206e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list