[Git][security-tracker-team/security-tracker][master] libsixel fixed in sid

Wed Jan 12 11:39:50 GMT 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4824eb81 by Moritz Muehlenhoff at 2022-01-12T12:39:24+01:00
libsixel fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102736,11 +102736,13 @@ CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authenticat
 CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
 	NOT-FOR-US: Eyoucms
 CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
-	- libsixel <unfixed> (bug #990799)
+	- libsixel 1.10.3-1 (bug #990799)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/136
+	NOTE: https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968
+	NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
 CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in  ...)
 	{DLA-2523-1}
 	- imagemagick 8:6.9.11.24+dfsg-1
@@ -123319,12 +123321,14 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows
 	NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
 	NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
-	- libsixel <unfixed> (low; bug #972641)
+	- libsixel 1.10.3-1 (low; bug #972641)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/134
+	NOTE: https://github.com/libsixel/libsixel/commit/032fffba9a6b658acbdeaa1f31abc97530e802e4
+	NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
 CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
 	NOT-FOR-US: Programi Bilanc
 CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4824eb81b1703fceba0c43edcb553a5be93cf623

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4824eb81b1703fceba0c43edcb553a5be93cf623
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220112/b043a45c/attachment.htm>
