[Git][security-tracker-team/security-tracker][master] mark CVE-2020-36280 as not-affected for Stretch

Thorsten Alteholz alteholz at debian.org
Sat Mar 27 22:55:34 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adacc950 by Thorsten Alteholz at 2021-03-27T23:55:19+01:00
mark CVE-2020-36280 as not-affected for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2452,6 +2452,7 @@ CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in
 	NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
 CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
 	- leptonlib <unfixed> (bug #985089)
+	[stretch] - leptonlib <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
 	NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
 CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adacc950a044570a580a15b94a80f56c17f0e672

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adacc950a044570a580a15b94a80f56c17f0e672
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210327/2de7b998/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list