[Git][security-tracker-team/security-tracker][master] new leptonlib issues
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 12 10:43:36 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7f72a16 by Moritz Muehlenhoff at 2021-03-12T11:42:29+01:00
new leptonlib issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -135,7 +135,7 @@ CVE-2021-28156
CVE-2021-28155
RESERVED
CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
- TODO: check
+ NOT-FOR-US: Camunda Modeler
CVE-2021-28152
RESERVED
CVE-2021-28151
@@ -151,19 +151,29 @@ CVE-2021-28147
CVE-2021-28146
RESERVED
CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
- TODO: check
+ NOT-FOR-US: JMS Client for RabbitMQ
CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
- TODO: check
+ - leptonlib <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
- TODO: check
+ - leptonlib <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
- TODO: check
+ - leptonlib <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
- TODO: check
+ - leptonlib <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
- TODO: check
+ - leptonlib <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
+ NOTE: https://github.com/DanBloomberg/leptonica/pull/499
CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
- glib2.0 2.66.7-2 (bug #984969)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
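Review bot: The five leptonlib entries added here (CVE-2020-36277 through CVE-2020-36281) are all tagged `<unfixed>`, although each description reads "Leptonica before 1.80.0" and the NOTE lines already point at the upstream fixes. Once it is established which leptonlib upload contains those changes, the entries should carry that version instead of `<unfixed>`. The CVE-2020-36277 entry also references `pull/499` where the other four reference a specific commit; adding a NOTE with the merged commit would keep the entries consistent and make the fix easier to locate for a backport.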
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7f72a162c4e4f975aedf1b1376f885a04068136