diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-01-21 23:13:02 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-01-21 23:13:02 +0100 |
| commit | 537e9a86d320196c71fc1c83d3a36ebbbc793f5e (patch) | |
| tree | acf55b351d46390b378e1e7c9817226797cd5182 | |
| parent | 587880c1df97d6d828a073ab8690f49903c19b20 (diff) | |
first steps at libstb triage
| -rw-r--r-- | data/CVE/list | 4 | ||||
| -rw-r--r-- | data/embedded-code-copies | 3 |
2 files changed, 4 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list index 30c93dbc63..68d935f31f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -69795,11 +69795,9 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel <no-dsa> (Minor issue) [jessie] - libsixel <no-dsa> (Minor issue) - - libstb <unfixed> (low) - [buster] - libstb <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/77 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer) - NOTE: Potentially affects darknet, gem, yquake2, osgearth, renderdoc, glfw3, utox, goxel, mame, libsfml + NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) {DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 21d9d41ad8..172a10e711 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -3461,3 +3461,6 @@ ezxml (not packaged) - navit <unfixed> (embed) - netcdf <unfixed> (embed) - netcdf-parallel <unfixed> (embed) + +libstb + - goxel <unfixed> (embed; bug #949552) |