[Git][security-tracker-team/security-tracker][master] gocr non issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 21 08:16:33 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b9098d6 by Moritz Muehlenhoff at 2021-05-21T09:15:28+02:00
gocr non issues
fig2dev no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2021-3561 [Global buffer overflow in fig2dev/read.c in function read_objects]
 	- fig2dev 1:3.2.8-3
+	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
 	NOTE: https://sourceforge.net/p/mcj/tickets/116/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
@@ -601,15 +602,18 @@ CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonControl
 CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
 	NOT-FOR-US: Smartstore (aka SmartStoreNET)
 CVE-2021-33481 [stack-based buffer overflow in try_to_divide_boxes() in pgm2asc.c]
-	- gocr <unfixed>
+	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/42/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33480 [use-after-free in context_correction() in pgm2asc.c]
-	- gocr <unfixed>
+	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/40/
 	NOTE: https://sourceforge.net/p/jocr/bugs/41/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33479 [stack-based buffer overflow in measure_pitch() in pgm2asc.c]
-	- gocr <unfixed>
+	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/39/
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33477 [(remote) code execution via ESC G Q]
 	- rxvt <removed>
 	- rxvt-unicode <unfixed> (bug #988763)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9098d666a7072389ea3bc81fa9b88a6190682b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9098d666a7072389ea3bc81fa9b88a6190682b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210521/f9baad34/attachment.htm>

More information about the debian-security-tracker-commits mailing list