[Git][security-tracker-team/security-tracker][master] Clone bug for CVE-2019-1221{2,4}/freeimage to separate bugs

Salvatore Bonaccorso carnil at debian.org
Fri Dec 27 15:20:52 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8460ed5b by Salvatore Bonaccorso at 2019-12-27T15:18:49Z
Clone bug for CVE-2019-1221{2,4}/freeimage to separate bugs

There is an upstream fix only for CVE-2019-12211 and CVE-2019-12213 (which
was done upstream in the same upstream commit, whilst being different
issues) but there is no fix for CVE-2019-12212 and CVE-2019-12214. In
the latter case it's not even clear if this is an issue in freeimage.

Clone the original bug to make it possible to track status separately for
the remaining issues while CVE-2019-12211 and CVE-2019-12213 could be
fixed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30608,7 +30608,7 @@ CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer
 CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discovered in  ...)
 	- matomo <itp> (bug #448532)
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
-	- freeimage <unfixed> (bug #929597)
+	- freeimage <unfixed> (bug #947478)
 	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
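Review bot: the CVE-2019-12214 entry now points at bug #947478, but the lines shown under it carry no NOTE recording the doubt raised in the commit message, namely that it is not clear whether this is an issue in freeimage at all. Consider adding a NOTE line to that effect under the entry, so the reason it stays <unfixed> and <postponed> is readable in data/CVE/list itself and not only in the commit log.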
@@ -30624,7 +30624,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
 	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize  ...)
-	- freeimage <unfixed> (bug #929597)
+	- freeimage <unfixed> (bug #947477)
 	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
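Review bot: in the CVE-2019-12212 entry, nothing in the visible lines says that the upstream change referenced by the neighbouring CVE-2019-12213 NOTE (svn/1825) does not cover this CVE, so a reader scanning the list could assume the adjacent fix applies here too. A short NOTE under the entry stating that no upstream fix exists yet for this issue would make the split to bug #947477 self-explanatory. It is also worth confirming that the entries for CVE-2019-12211 and CVE-2019-12213, whose package lines are outside this hunk, still reference the original bug #929597.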



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8460ed5b8a236d77a4b1c13ceb7f64a37995943f
