author | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-12 11:42:29 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-12 11:42:29 +0100 |
commit | d7f72a162c4e4f975aedf1b1376f885a04068136 (patch) | |
tree | e748dfba1664e2d59ee95c5cf3d7acf80fbe8ebe | |
parent | a4d34c72e629aec232cb8fa58b207cb1dd30c3c4 (diff) |
new leptonlib issues
NFUs
-rw-r--r-- | data/CVE/list | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/data/CVE/list b/data/CVE/list index 3d8cf36b99..9291186e1d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -135,7 +135,7 @@ CVE-2021-28156 CVE-2021-28155 RESERVED CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...) - TODO: check + NOT-FOR-US: Camunda Modeler CVE-2021-28152 RESERVED CVE-2021-28151 
@@ -151,19 +151,29 @@ CVE-2021-28147 CVE-2021-28146 RESERVED CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...) - TODO: check + NOT-FOR-US: JMS Client for RabbitMQ CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...) - TODO: check + - leptonlib <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 + NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5 CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...) - TODO: check + - leptonlib <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654 + NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...) - TODO: check + - leptonlib <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 + NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4 CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...) - TODO: check + - leptonlib <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 + NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842 CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...) - TODO: check + - leptonlib <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997 + NOTE: https://github.com/DanBloomberg/leptonica/pull/499 CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...) - TODO: check + NOT-FOR-US: Wind River VxWorks CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...) - glib2.0 2.66.7-2 (bug #984969) NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325 |
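Review bot: In the second hunk (@@ -151,19 +151,29 @@), the five Leptonica entries CVE-2020-36277 through CVE-2020-36281 are all recorded as `- leptonlib <unfixed>`, while each description reads "Leptonica before 1.80.0" and four of them carry a NOTE pointing at an upstream fix commit. It is worth checking whether any suite already ships 1.80.0 or later and, if so, recording that fixed version in place of `<unfixed>`. CVE-2020-36277 is also the only one of the five whose fix reference is a pull request (`pull/499`) rather than a commit; pinning the merged commit hash would match the other four entries and make backport checks easier.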