[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust version for CVE-2018-11489/giflib
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 5 13:15:04 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9796f3a3 by Salvatore Bonaccorso at 2022-12-05T14:14:01+01:00
Adjust version for CVE-2018-11489/giflib
The patch did not land in 4.1.6-11 but was applied earlier to unstable
in 4.1.4-1.
- - - - -
91e19f58 by Salvatore Bonaccorso at 2022-12-05T14:14:02+01:00
Mark one non-cveified giflib issue as unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -305201,7 +305201,7 @@ CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibl
NOTE: https://sourceforge.net/p/giflib/code/ci/08438a5098f3bb1de23a29334af55eba663f75bd/
NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
- - giflib 4.1.6-11 (bug #904113)
+ - giflib 4.1.4-1 (bug #904113)
NOTE: https://github.com/pts/sam2p/issues/37
NOTE: https://sourceforge.net/p/giflib/bugs/112/
NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
@@ -413548,10 +413548,7 @@ CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote auth
[wheezy] - rabbitmq-server <not-affected> (lengths_age or lengths_incr parameters are not present)
NOTE: https://github.com/rabbitmq/rabbitmq-management/issues/97
CVE-2016-XXXX [out of bound read and write issues]
- - giflib 5.1.4-0.1 (bug #820594)
- [jessie] - giflib <no-dsa> (unimportant)
- [wheezy] - giflib <no-dsa> (Minor issue)
- [squeeze] - giflib <no-dsa> (Minor issue)
+ - giflib 5.1.4-0.1 (bug #820594; unimportant)
NOTE: http://sourceforge.net/p/giflib/bugs/82/
NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7488ea1dde5f369cd5f04a9bafb11cb453a35b...91e19f5866794bbead12dbe104a1a7fa1c5b5cdb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7488ea1dde5f369cd5f04a9bafb11cb453a35b...91e19f5866794bbead12dbe104a1a7fa1c5b5cdb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221205/2395591f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list