[Git][security-tracker-team/security-tracker][master] slic3r non issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 11 19:05:58 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0fb7d5b by Moritz Muehlenhoff at 2022-07-11T20:05:34+02:00
slic3r non issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40212,13 +40212,15 @@ CVE-2021-45849
CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later all ...)
- nicotine-plus <itp> (bug #966000)
CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
- - slic3r <unfixed>
+ - slic3r <unfixed> (unimportant)
NOTE: https://github.com/slic3r/Slic3r/issues/5118
NOTE: https://github.com/slic3r/Slic3r/issues/5119
NOTE: https://github.com/slic3r/Slic3r/issues/5120
+ NOTE: Crash in GUI tool, no security impact
CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
- - slic3r <unfixed>
+ - slic3r <unfixed> (unimportant)
NOTE: https://github.com/slic3r/Slic3r/issues/5117
+ NOTE: Crash in GUI tool, no security impact
CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
- freecad 0.19.4+dfsg1-1
[stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
@@ -43482,13 +43484,13 @@ CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lu
CVE-2021-44963
RESERVED
CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...)
- - slic3r <unfixed>
+ - slic3r <unfixed> (unimportant)
NOTE: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw
- TODO: check upstream fix
+ NOTE: Crash in GUI tool, no security impact
CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ...)
- - slic3r <unfixed>
+ - slic3r <unfixed> (unimportant)
NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w
- TODO: check upstream commit
+ NOTE: memory overusage in GUI tool, no security impact
CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
- svgpp <unfixed> (bug #1014599)
[bullseye] - svgpp <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220711/e11a7f1a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list