[Git][security-tracker-team/security-tracker][master] Triage CVE-2023-27586 in cairosvg for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Mar 29 00:36:25 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8055f9ac by Chris Lamb at 2023-03-29T00:35:56+01:00
Triage CVE-2023-27586 in cairosvg for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4350,6 +4350,7 @@ CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and list
NOT-FOR-US: ReadtoMyShoe
CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...)
- cairosvg 2.5.2-1.1 (bug #1033295)
+ [buster] - cairosvg <no-dsa> (Minor issue; fix would require backporting entire --unsafe mechanism)
NOTE: https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 (2.7.0)
NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8055f9acfaeea332aa9dd1ccda86e706fe65fc80
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8055f9acfaeea332aa9dd1ccda86e706fe65fc80
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230328/3ebf15b0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list