Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

Anton Gladky gladk at debian.org
Tue Jun 4 19:20:33 BST 2019


severity 929597 important
thanks

The fix from upstream is still not available. I am not feeling
confident enough to provide a fix for this complex peace
of code without breaking it.

Also reducing the severity. If the security team decides to
keep it "grave" - feel free to revert it.

Regards


Anton

Am Mo., 3. Juni 2019 um 20:23 Uhr schrieb Anton Gladky <gladk at debian.org>:
>
> There is no upstream fix still available.
>
> I am planning to decrease the severity of
> the ticket to normal and track it as a simple
> security issue.
>
> Anton
>
> Am Mo., 27. Mai 2019 um 23:01 Uhr schrieb Anton Gladky <gladk at debian.org>:
> >
> > CVE-2019-12214 does not affect buster and stretch.
> > Jessie should be double checked because an older
> > version is used there.
> >
> > Anton
> >
> > Am So., 26. Mai 2019 um 22:01 Uhr schrieb Anton Gladky <gladk at debian.org>:
> > >
> > > Hi Moritz,
> > >
> > > thanks for the reporting. As far as I see, there is still
> > > no available fix from upstream.
> > >
> > > Cheers
> > >
> > > Anton
> > >
> > > Am So., 26. Mai 2019 um 21:27 Uhr schrieb Moritz Muehlenhoff <jmm at debian.org>:
> > > >
> > > > Source: freeimage
> > > > Severity: grave
> > > > Tags: security
> > > >
> > > > Please see
> > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211
> > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212
> > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213
> > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12214
> > > >
> > > > Cheers,
> > > >         Moritz
> > > >
> > > > --
> > > > debian-science-maintainers mailing list
> > > > debian-science-maintainers at alioth-lists.debian.net
> > > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers



More information about the debian-science-maintainers mailing list