[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-23922 as unimportant
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 3 08:38:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eab6c33b by Salvatore Bonaccorso at 2022-12-03T09:33:22+01:00
Mark CVE-2020-23922 as unimportant
Not clear reproducible, but impact is negligible. Err rather on the safe
side, but mark it unimportant as it only affects gif2rgb crashing.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -165956,11 +165956,9 @@ CVE-2020-23924
CVE-2020-23923
RESERVED
CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...)
- - giflib <unfixed> (bug #988151)
- [bullseye] - giflib <no-dsa> (Minor issue)
- [buster] - giflib <no-dsa> (Minor issue)
- [stretch] - giflib <no-dsa> (Minor issue)
+ - giflib <unfixed> (unimportant; bug #988151)
NOTE: https://sourceforge.net/p/giflib/bugs/151/
+ NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...)
NOT-FOR-US: fast_ber
CVE-2020-23920
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab6c33b2e0200e68e2f59b84778eb0d4bbc96be
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221203/92e565a0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list