[Git][security-tracker-team/security-tracker][master] 2 commits: Add tracking bug for CVE-2020-28599 and CVE-2020-28600 in openscad
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 15 13:24:12 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db17e2df by Salvatore Bonaccorso at 2021-10-15T14:22:50+02:00
Add tracking bug for CVE-2020-28599 and CVE-2020-28600 in openscad
- - - - -
d0acc2b1 by Salvatore Bonaccorso at 2021-10-15T14:23:32+02:00
Sync openscad buster-pu version
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -63868,14 +63868,14 @@ CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
CVE-2020-28600 (An out-of-bounds write vulnerability exists in the import_stl.cc:impor ...)
- - openscad 2021.01-1
+ - openscad 2021.01-1 (bug #996020)
[buster] - openscad <no-dsa> (Minor issue)
[stretch] - openscad <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224
NOTE: introduced at https://github.com/openscad/openscad/commit/25ec72ce0770115ad62c17fe10ee7464ac256391
NOTE: vulnerable code removed at https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
- - openscad 2021.01-1
+ - openscad 2021.01-1 (bug #996020)
[buster] - openscad <no-dsa> (Minor issue)
[stretch] - openscad <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
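Review bot: the two added lines attach the same bug #996020 to both CVE-2020-28600 and CVE-2020-28599, but only the CVE-2020-28600 entry documents the upstream history (the "introduced at" and "vulnerable code removed at" NOTE lines), while the CVE-2020-28599 entry carries only the TALOS-2020-1223 link. Consider adding a NOTE with the upstream fix reference under CVE-2020-28599 as well, so that the fixed version 2021.01-1 and the differing [stretch] status (<no-dsa> there versus <not-affected> for CVE-2020-28600) can be checked from the entry itself.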
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -73,6 +73,6 @@ CVE-2021-34552
CVE-2021-3801
[buster] - node-prismjs 1.11.0+dfsg-3+deb10u1
CVE-2020-28600
- [buster] - openscad 2019.01~RC2-2
+ [buster] - openscad 2019.01~RC2-2+deb10u1
CVE-2020-28599
- [buster] - openscad 2019.01~RC2-2
+ [buster] - openscad 2019.01~RC2-2+deb10u1
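Review bot: both [buster] lines, for CVE-2020-28600 and CVE-2020-28599, move from 2019.01~RC2-2 to 2019.01~RC2-2+deb10u1, yet the commit message "Sync openscad buster-pu version" does not say what the version was synced against. Referencing the buster-pu request or the upload in the commit message would let a reader confirm that +deb10u1 is the version carrying both fixes.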
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23b0caaa943ad1ccd66f6445badff794584a258b...d0acc2b10be7013e262474d8b15b44e6f5c127b5