[Git][security-tracker-team/security-tracker][master] slic3r non issues

Mon, 11 Jul 2022 11:06:07 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0fb7d5b by Moritz Muehlenhoff at 2022-07-11T20:05:34+02:00
slic3r non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40212,13 +40212,15 @@ CVE-2021-45849
 CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and 
later all ...)
        - nicotine-plus <itp> (bug #966000)
 CVE-2021-45847 (Several missing input validations in the 3MF parser component 
of Slic3 ...)
-       - slic3r <unfixed>
+       - slic3r <unfixed> (unimportant)
        NOTE: https://github.com/slic3r/Slic3r/issues/5118
        NOTE: https://github.com/slic3r/Slic3r/issues/5119
        NOTE: https://github.com/slic3r/Slic3r/issues/5120
+       NOTE: Crash in GUI tool, no security impact
 CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an 
attacker  ...)
-       - slic3r <unfixed>
+       - slic3r <unfixed> (unimportant)
        NOTE: https://github.com/slic3r/Slic3r/issues/5117
+       NOTE: Crash in GUI tool, no security impact
 CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to 
OS comma ...)
        - freecad 0.19.4+dfsg1-1
        [stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
@@ -43482,13 +43484,13 @@ CVE-2021-44964 (Use after free in garbage collector 
and finalizer of lgc.c in Lu
 CVE-2021-44963
        RESERVED
 CVE-2021-44962 (An out-of-bounds read vulnerability exists in the 
GCode::extrude() fun ...)
-       - slic3r <unfixed>
+       - slic3r <unfixed> (unimportant)
        NOTE: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw
-       TODO: check upstream fix
+       NOTE: Crash in GUI tool, no security impact
 CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator 
of Slic3r ...)
-       - slic3r <unfixed>
+       - slic3r <unfixed> (unimportant)
        NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w
-       TODO: check upstream commit
+       NOTE: memory overusage in GUI tool, no security impact
 CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot 
function in the ...)
        - svgpp <unfixed> (bug #1014599)
        [bullseye] - svgpp <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fb7d5be622ad4f8f8fea62f72d8d7c1c5eb467
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to