Add CVE-2020-25559/gnuplot

author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 22:27:42 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 22:27:42 +0200
commit: 9b229bf8dad8319427e6b8f2b28a2ce30b66e0fe (patch)
tree: 12f08994e8b969444b9727c78a84f166d8807eb7 /data
parent: 2dea4da75ec2d8b6622199981281834822a16b51 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 8a3f0f5ac4..49ca951d92 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -124,7 +124,10 @@ CVE-2020-25561
 CVE-2020-25560
 	RESERVED
 CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
-	TODO: check
+	- gnuplot <unfixed> (unimportant)
+	NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
+	NOTE: No security impact, gnuplot can execute arbitrary commands and need to
+	NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
 CVE-2020-25558
 	RESERVED
 CVE-2020-25557
author	Salvatore Bonaccorso <carnil@debian.org>	2020-09-16 22:27:42 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-09-16 22:27:42 +0200
commit	9b229bf8dad8319427e6b8f2b28a2ce30b66e0fe (patch)
tree	12f08994e8b969444b9727c78a84f166d8807eb7 /data
parent	2dea4da75ec2d8b6622199981281834822a16b51 (diff)