[Git][security-tracker-team/security-tracker][master] Reserve DLA-2031-1 for freeimage

[Hugo Lefeuvre]

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bfc70e8 by Hugo Lefeuvre at 2019-12-10T16:28:30Z
Reserve DLA-2031-1 for freeimage

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Dec 2019] DLA-2031-1 freeimage - security update
+	{CVE-2019-12211 CVE-2019-12213}
+	[jessie] - freeimage 3.15.4-4.2+deb8u2
 [10 Dec 2019] DLA-2030-1 jackson-databind - security update
 	{CVE-2019-17267 CVE-2019-17531}
 	[jessie] - jackson-databind 2.4.2-2+deb8u10


=====================================
data/dla-needed.txt
=====================================
@@ -21,8 +21,8 @@ clamav (Hugo Lefeuvre)
 davical (Roberto C. Sánchez)
 --
 freeimage (Hugo Lefeuvre)
-  NOTE: 20191028: submitted a patch for CVE-2019-12211, see Debian bug report
-  NOTE: 20191209: upload pending
+  NOTE: 20191210: already released DLA-2031-1, still working on CVE-2019-12214 and CVE-2019-12212.
+  NOTE: CVE-2019-12214: fuzzed with an ancient version of openjpeg, needs more investigation
 --
 ibus
   NOTE: 20191210: Requires glib2.0 to be patched also.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bfc70e8dfca761d3814b984f3d982cc96115cc2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bfc70e8dfca761d3814b984f3d982cc96115cc2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191210/7558c51b/attachment-0001.html>