[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-21676/fig2dev: precise versions

Thu, 19 Aug 2021 09:58:39 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5bf6b1ed by Sylvain Beucler at 2021-08-19T18:57:54+02:00
CVE-2020-21676/fig2dev: precise versions

- - - - -
8a7c6d00 by Sylvain Beucler at 2021-08-19T18:57:55+02:00
CVE-2021-3561/fig2dev: patch requirement

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13223,6 +13223,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev 
version 3.2.8a. A flawed
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/116/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+       NOTE: Depends on CVE-2019-19797 fix
 CVE-2021-3560 [local privilege escalation using 
polkit_system_bus_name_get_creds_sync()]
        RESERVED
        - policykit-1 0.105-31 (bug #989429)
@@ -72474,9 +72475,11 @@ CVE-2020-21677 (A heap-based buffer overflow in the 
sixel_encoder_output_without
 CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component 
in genp ...)
        - fig2dev 1:3.2.8-1
        [buster] - fig2dev <no-dsa> (Minor issue)
+       [stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/76/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/
 (3.2.8)
+       NOTE: Introduced by 
https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de
 (3.2.7)
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in 
genptk.c ...)
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03faf9bcd6b070cb6626b64a8eb9da07bd744e1d...8a7c6d0036509a330339c507abf857a658eb20b9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03faf9bcd6b070cb6626b64a8eb9da07bd744e1d...8a7c6d0036509a330339c507abf857a658eb20b9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to