Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b23fa749 by Moritz Muehlenhoff at 2020-09-08T09:58:39+02:00
two xpdf issues specific to xpdf, not affecting poppler or fixed a long time ago
bison fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -417,17 +417,15 @@ CVE-2020-25001
CVE-2020-25000
RESERVED
CVE-2020-24999 (There is an invalid memory access in the function fprintf
located in E ...)
- - xpdf <undetermined>
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029
- TODO: check
CVE-2020-24998
RESERVED
CVE-2020-24997
RESERVED
CVE-2020-24996 (There is an invalid memory access in the function
TextString::~TextStr ...)
- - xpdf <undetermined>
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
- TODO: check
CVE-2020-24995
RESERVED
CVE-2020-24994
@@ -459,12 +457,12 @@ CVE-2020-24982
CVE-2020-24981 (An Incorrect Access Control vulnerability exists in
/ucms/chk.php in U ...)
NOT-FOR-US: UCMS
CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU
bison 3.7.1. ...)
- - bison <unfixed> (unimportant)
+ - bison 2:3.7.2+dfsg-1 (unimportant)
NOTE:
https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8
NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00009.html
NOTE: Crash in CLI tool, no security impact
CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in
GNU bison ...)
- - bison <unfixed> (unimportant)
+ - bison 2:3.7.2+dfsg-1 (unimportant)
NOTE:
https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988
NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00008.html
NOTE: Crash in CLI tool, no security impact
@@ -2061,7 +2059,7 @@ CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10,
there is heap use-after-fr
NOTE:
https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
NOTE: Crash in CLI tool, no security impact
CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free
in lib/ob ...)
- - bison <unfixed> (unimportant)
+ - bison 2:3.7.2+dfsg-1 (unimportant)
NOTE:
https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d
(v3.7.1)
NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
NOTE: Crash in CLI tool, no security impact
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
