Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68ea4e4f by Salvatore Bonaccorso at 2019-09-08T15:08:07Z
Update several libsixel entries triaged by maintainer
As reported by Sylvain Beucler after triage and further investigated by
Takatsugu Nokubi those are the ones confirmed to affect unstable, buster
and stretch. Move thus state from undetermined to unfixed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41980,15 +41980,21 @@ CVE-2018-19765 (Cross Site Scripting exists in
InfoVista VistaPortal SE Version
CVE-2018-19764
REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function:
write_pn ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/82
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c
(function: image_ ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/81
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function:
sixel_dec ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/78
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
...)
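Review bot: CVE-2018-19762 is described as a heap-based buffer overflow in fromsixel.c, yet it receives the same "[buster] - libsixel <no-dsa> (Minor issue)" reason as the over-read in CVE-2018-19763 and the illegal address access in CVE-2018-19761. An overflow is usually weighed differently from an over-read, so a short NOTE on that entry stating why it was judged minor (for example, what the triage found about reachability or impact) would let a later reader check the no-dsa decision without reopening bug #931311.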
@@ -41999,7 +42005,9 @@ CVE-2018-19760 (cfg_init in confuse.c in libConfuse
3.2.2 has a memory leak. ...
NOTE: Issue caused by premature exit without cleanup on an error in the
caller
NOTE: not in the library; Negligible security impact in itself and
disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h
(function: ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/77
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in
wav_write_header in ...)
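Review bot: The CVE-2018-19759 description places the over-read in stb_image_write.h, but the entry tracks only libsixel. stb headers are normally shipped as copies embedded in the consuming project, so a NOTE saying that the affected code is libsixel's bundled copy, and whether other source packages carrying that header were checked, would make the scope of the "<unfixed>" state explicit.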
@@ -42011,11 +42019,15 @@ CVE-2018-19758 (There is a heap-based buffer
over-read at wav.c in wav_write_hea
NOTE:
https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
NOTE: when fixing this issue, the fix needs to be made complete to not
open CVE-2019-3832
CVE-2018-19757 (There is a NULL pointer dereference at function
sixel_helper_set_addit ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/79
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h
(function: stbi_ ...)
- - libsixel <undetermined> (bug #931311)
+ - libsixel <unfixed> (bug #931311)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/80
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function:
is_mmac ...)
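Review bot: Missing documentation on the CVE-2018-19757 and CVE-2018-19756 entries: the move from "<undetermined>" to "<unfixed>" rests on the maintainer triage described in the commit message, but the entries themselves still carry only the upstream issue and the Red Hat reproducer NOTEs. Adding a NOTE that records the triage result (confirmed affecting unstable, buster and stretch) would keep the reasoning in data/CVE/list rather than only in the commit history.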
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/68ea4e4fbd8f219ce43f4b3d62d7c999cbd45752
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits