[Git][security-tracker-team/security-tracker][master] CVE-2020-28600/openscad - fixed in bullseye, not in buster.

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
134f28bb by Neil Williams at 2021-09-03T14:53:54+01:00
CVE-2020-28600/openscad - fixed in bullseye, not in buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57164,9 +57164,12 @@ CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing
 	[buster] - cgal <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28600 (An out-of-bounds write vulnerability exists in the import_stl.cc:impor ...)
-	- openscad <undetermined>
+	- openscad 2021.01-1
+	[buster] - openscad <unfixed>
+	[stretch] - openscad <not-affected> (Vulnerable code introduced later)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224
-	TODO: cheick, maybe fixed already in 2021.01-1
+	NOTE: introduced at https://github.com/openscad/openscad/commit/25ec72ce0770115ad62c17fe10ee7464ac256391
+	NOTE: vulnerable code removed at https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
 CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
 	- openscad 2021.01-1
 	[buster] - openscad <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/134f28bb85cc6e7831b614a93a8f32c2150dd38f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/134f28bb85cc6e7831b614a93a8f32c2150dd38f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210903/574b3f8b/attachment.htm>