[Git][security-tracker-team/security-tracker][master] Add references to upstream commit for libwebp issues
Salvatore Bonaccorso
carnil at debian.org
Sun May 9 09:04:01 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1aab477f by Salvatore Bonaccorso at 2021-05-09T10:03:26+02:00
Add references to upstream commit for libwebp issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1380,22 +1380,27 @@ CVE-2020-36332 [extreme memory allocation when reading a file]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
CVE-2020-36331 [heap-based buffer overflow in ChunkAssignData() in mux/muxinternal.c]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
CVE-2020-36330 [heap-based buffer overflow in ChunkVerifyAndAssign() in mux/muxread.c]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
CVE-2020-36329 [use-after-free in EmitFancyRGB() in dec/io_dec.c]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
CVE-2020-36328 [heap-based buffer overflow in WebPDecode*Into functions]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
- bundler <removed>
- rubygems <unfixed>
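Review bot: The five added `+ NOTE:` lines in this hunk (CVE-2020-36332 through CVE-2020-36328) are bare URLs placed directly under the bug-report URL, so a reader cannot tell from the entry whether the commit is the fix, the introducing change, or a related reference. The commit message says these are upstream commits; labelling each one, for example `NOTE: Fixed by: https://chromium.googlesource.com/webm/libwebp/+/<hash>`, would make that explicit. Since every entry still reads `- libwebp <unfixed>`, it would also help to note the first upstream release containing each commit, if known, so the package status can be resolved later without re-deriving it.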
@@ -4094,10 +4099,12 @@ CVE-2018-25013 [heap-based buffer overflow in ShiftBytes()]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
CVE-2018-25012 [heap-based buffer overflow in GetLE24()]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
CVE-2018-25011 [heap-based buffer overflow in PutLE16()]
RESERVED
- libwebp <unfixed>
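Review bot: The added line under CVE-2018-25012 uses a percent-encoded diff-view URL ending in `%5E%21/`, while the line added under CVE-2018-25013 in the same hunk uses the plain `+/<hash>` commit form. Consider using one form throughout, preferably the plain commit URL, so the references can be matched and de-duplicated by hash and do not depend on how a client handles the encoded `^!` suffix.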
@@ -4106,10 +4113,12 @@ CVE-2018-25010 [heap-based buffer overflow in ApplyFilter()]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
CVE-2018-25009 [heap-based buffer overflow in GetLE16()]
RESERVED
- libwebp <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...)
- rustc 1.29.0+dfsg1-1
NOTE: https://github.com/rust-lang/rust/issues/51780
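Review bot: The line added under CVE-2018-25009 (GetLE16()) cites commit 95fd65070662e01cc9170c4444f5c0859a710097, the same commit this patch adds under CVE-2018-25012 (GetLE24()). If one upstream commit fixes both, a short remark on each entry would make clear that this is intentional and not a copy-paste slip. Separately, the CVE-2018-25010 line ends in `%5E%21/#F0`, a fragment pointing at the first file of the diff view; either name the relevant file in the note or drop the fragment and use the plain commit URL, as in the other entries.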
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aab477fdf6b8800dc2208f3866aa316b90df2f7