[Git][security-tracker-team/security-tracker][master] CVE-2021-21236/cairosvg n/a in buster & stretch

[Emilio Pozuelo Monfort]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ac53ed9 by Emilio Pozuelo Monfort at 2021-01-15T12:50:22+01:00
CVE-2021-21236/cairosvg n/a in buster & stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9380,8 +9380,11 @@ CVE-2021-21237
 	RESERVED
 CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
 	- cairosvg <unfixed> (bug #979597)
+	[buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
+	[stretch] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
 	NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
-	NOTE: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1)
+	NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81
+	NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1)
 CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
 	- rust-kamadak-exif <unfixed>
 	NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ac53ed98b741fc07155ab87c93d471ea989443e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ac53ed98b741fc07155ab87c93d471ea989443e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210115/2dc4fce4/attachment.html>