[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for two freecad issues fixed via unstable

Fri Mar 4 20:08:41 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3d10cd0 by Salvatore Bonaccorso at 2022-03-04T21:01:22+01:00
Track fixed version for two freecad issues fixed via unstable

- - - - -
506028e3 by Salvatore Bonaccorso at 2022-03-04T21:08:11+01:00
Update upstream commit information for CVE-2021-4584{4,5}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13789,14 +13789,16 @@ CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an att
 	- slic3r <unfixed>
 	NOTE: https://github.com/slic3r/Slic3r/issues/5117
 CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
-	- freecad <unfixed>
+	- freecad 0.19.4+dfsg1-1
 	[stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
 	NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
-	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406
+	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406 (master)
+	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
 	NOTE: https://tracker.freecad.org/view.php?id=4810
 CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
-	- freecad <unfixed> (bug #1005747)
-	NOTE: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (0.20)
+	- freecad 0.19.4+dfsg1-1 (bug #1005747)
+	NOTE: Fixed by; https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
+	NOTE: Fxied by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
 	NOTE: https://tracker.freecad.org/view.php?id=4809
 CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
 	NOT-FOR-US: glFusion CMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b9bd847a2c406e34e8dd6609fd13c9940ad861a...506028e36ce4d4780a5be25472d80c2615b3de1a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b9bd847a2c406e34e8dd6609fd13c9940ad861a...506028e36ce4d4780a5be25472d80c2615b3de1a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220304/f0dd527a/attachment.htm>
