[Git][security-tracker-team/security-tracker][master] slic3r non issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 11 19:05:58 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0fb7d5b by Moritz Muehlenhoff at 2022-07-11T20:05:34+02:00
slic3r non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40212,13 +40212,15 @@ CVE-2021-45849
 CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later all ...)
 	- nicotine-plus <itp> (bug #966000)
 CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
-	- slic3r <unfixed>
+	- slic3r <unfixed> (unimportant)
 	NOTE: https://github.com/slic3r/Slic3r/issues/5118
 	NOTE: https://github.com/slic3r/Slic3r/issues/5119
 	NOTE: https://github.com/slic3r/Slic3r/issues/5120
+	NOTE: Crash in GUI tool, no security impact
 CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker  ...)
-	- slic3r <unfixed>
+	- slic3r <unfixed> (unimportant)
 	NOTE: https://github.com/slic3r/Slic3r/issues/5117
+	NOTE: Crash in GUI tool, no security impact
 CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
 	- freecad 0.19.4+dfsg1-1
 	[stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
@@ -43482,13 +43484,13 @@ CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lu
 CVE-2021-44963
 	RESERVED
 CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...)
-	- slic3r <unfixed>
+	- slic3r <unfixed> (unimportant)
 	NOTE: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw
-	TODO: check upstream fix
+	NOTE: Crash in GUI tool, no security impact
 CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ...)
-	- slic3r <unfixed>
+	- slic3r <unfixed> (unimportant)
 	NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w
-	TODO: check upstream commit
+	NOTE: memory overusage in GUI tool, no security impact
 CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
 	- svgpp <unfixed> (bug #1014599)
 	[bullseye] - svgpp <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220711/e11a7f1a/attachment.htm>


More information about the debian-security-tracker-commits mailing list