[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-21676/fig2dev: precise versions
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Aug 19 17:58:27 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bf6b1ed by Sylvain Beucler at 2021-08-19T18:57:54+02:00
CVE-2020-21676/fig2dev: precise versions
- - - - -
8a7c6d00 by Sylvain Beucler at 2021-08-19T18:57:55+02:00
CVE-2021-3561/fig2dev: patch requirement
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13223,6 +13223,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/116/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+ NOTE: Depends on CVE-2019-19797 fix
CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()]
RESERVED
- policykit-1 0.105-31 (bug #989429)
@@ -72474,9 +72475,11 @@ CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without
CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
- fig2dev 1:3.2.8-1
[buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
- transfig <removed>
NOTE: https://sourceforge.net/p/mcj/tickets/76/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)
+ NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7)
CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
- fig2dev 1:3.2.7b-3
[buster] - fig2dev 1:3.2.7a-5+deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03faf9bcd6b070cb6626b64a8eb9da07bd744e1d...8a7c6d0036509a330339c507abf857a658eb20b9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03faf9bcd6b070cb6626b64a8eb9da07bd744e1d...8a7c6d0036509a330339c507abf857a658eb20b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210819/40e36443/attachment.htm>
More information about the debian-security-tracker-commits
mailing list