[Git][security-tracker-team/security-tracker][master] Track two more html issues as fixed in buster

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 10 05:08:33 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8250236d by Salvatore Bonaccorso at 2021-06-10T06:06:59+02:00
Track two more html issues as fixed in buster

Choosed to use the buster-pu version as we are short before the 10.10
point release and they were accepted in proposed-updates already.
Thechnically this version though until now never hit the archive for
stable, so we might bump the version to the one in the DSA.

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -34537,6 +34537,7 @@ CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and be
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers  ...)
 	- htmldoc 1.9.11-3 (unimportant; bug #984765)
+	[buster] - htmldoc 1.9.3-1+deb10u1
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
@@ -109397,6 +109398,7 @@ CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2
 CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
 	{DLA-2026-1}
 	- htmldoc 1.9.7-1 (unimportant; bug #988289)
+	[buster] - htmldoc 1.9.3-1+deb10u1
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
 	NOTE: Crash in CLI tool, no security impact


=====================================
data/next-point-update.txt
=====================================
@@ -134,10 +134,6 @@ CVE-2021-20231
 	[buster] - gnutls28 3.6.7-4+deb10u7
 CVE-2021-20232
 	[buster] - gnutls28 3.6.7-4+deb10u7
-CVE-2019-19630
-	[buster] - htmldoc 1.9.3-1+deb10u1
-CVE-2021-20308
-	[buster] - htmldoc 1.9.3-1+deb10u1
 CVE-2019-0222
 	[buster] - mqtt-client 1.14-1+deb10u1
 CVE-2021-33477



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8250236d8727874c3810811a81585dede9466935

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8250236d8727874c3810811a81585dede9466935
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210610/6fe941db/attachment.htm>

More information about the debian-security-tracker-commits mailing list