From 0bb110add891ca662cfc685d7772fbf46d35c396 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 4 Jan 2022 14:01:02 +0100 Subject: Update information on CVE-2021-45944 --- data/CVE/2021.list | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 8b56db8fe6..93974522ce 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -418,10 +418,10 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called f CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...) NOT-FOR-US: uWebSockets CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) - - ghostscript + - ghostscript 9.54.0~dfsg-5 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml - TODO: check, oss-fuzz "fixing commit" cannot be correct as it only removes a documentation snippet. + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25 CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...) [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1 - gdal -- cgit v1.2.3