[Git][security-tracker-team/security-tracker][master] Revert "CVE-2020-36123/libsixel <not-affected>"

Fri Mar 11 19:39:55 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7e42592 by Salvatore Bonaccorso at 2022-03-11T20:35:31+01:00
Revert "CVE-2020-36123/libsixel <not-affected>"

This reverts commit 328df32fa750eab663b5d810216c65b31a900ac3.

Not reproducing is not directly a reason for beeing not-affected. Maybe
the issue turns out it's invalid. If this can be confirmed asking MITRE
to reject (or at least dispute) the CVE entry can be an option.

Asked reporter of the issue about the reason:
https://github.com/saitoha/libsixel/issues/144

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80765,9 +80765,7 @@ CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affec
 CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
 	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36123 (saitoha libsixel v1.8.6 was discovered to contain a double free via th ...)
-	- libsixel <not-affected> (cannot reproduce)
-	NOTE: https://github.com/saitoha/libsixel/issues/144
-	NOTE: upstream issue closed by submitter without upstream comment
+	TODO: check
 CVE-2020-36122
 	RESERVED
 CVE-2020-36121



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e4259227bbc77d301bdc1fe3430cbe6a6b7346

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e4259227bbc77d301bdc1fe3430cbe6a6b7346
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220311/c73e2979/attachment.htm>
