Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b23fa749 by Moritz Muehlenhoff at 2020-09-08T09:58:39+02:00 two xpdf issues specific to xpdf, not affecting poppler or fixed a long time ago bison fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -417,17 +417,15 @@ CVE-2020-25001 CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - - xpdf <undetermined> + - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 - TODO: check CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) - - xpdf <undetermined> + - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 - TODO: check CVE-2020-24995 RESERVED CVE-2020-24994 @@ -459,12 +457,12 @@ CVE-2020-24982 CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...) NOT-FOR-US: UCMS CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...) - - bison <unfixed> (unimportant) + - bison 2:3.7.2+dfsg-1 (unimportant) NOTE: https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00009.html NOTE: Crash in CLI tool, no security impact CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...) - - bison <unfixed> (unimportant) + - bison 2:3.7.2+dfsg-1 (unimportant) NOTE: https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg00008.html NOTE: Crash in CLI tool, no security impact @@ -2061,7 +2059,7 @@ CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-fr NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c NOTE: Crash in CLI tool, no security impact CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...) - - bison <unfixed> (unimportant) + - bison 2:3.7.2+dfsg-1 (unimportant) NOTE: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1) NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html NOTE: Crash in CLI tool, no security impact View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23fa749854c88c6002346ffb521dac941b7bcc8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits