[Git][security-tracker-team/security-tracker][master] Add for now back a todo item for CVE-2021-4270{0,2,4}
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 28 09:35:10 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
faf785b6 by Salvatore Bonaccorso at 2022-05-28T10:32:12+02:00
Add for now back a todo item for CVE-2021-4270{0,2,4}
As pointed out in the previous commit f134d659cbbe
("CVE-2021-42700,CVE-2021-42702,CVE-2021-42704/inkscape: add reference")
by Sylvain, it's actually unclear which changes in libuemf do address
the assigned CVEs according to the done research by SuSE contributor in
contact with upstream.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41914,18 +41914,21 @@ CVE-2021-42704 (Inkscape version 0.19 is vulnerable to an out-of-bounds write, w
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
NOT-FOR-US: Advantech
CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer, which may a ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
NOT-FOR-US: AzeoTech
CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
NOT-FOR-US: AzeoTech
CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf785b604f8239604e07e8a7e5d20e769c3a985
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf785b604f8239604e07e8a7e5d20e769c3a985
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220528/25cf8242/attachment.htm>
More information about the debian-security-tracker-commits
mailing list