[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-12973,openjpeg2: Jessie is not affected

Wed Jul 10 16:28:23 BST 2019


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e6910fe by Markus Koschany at 2019-07-10T15:27:27Z
CVE-2019-12973,openjpeg2: Jessie is not affected

Vulnerable code is not present.

- - - - -
4813c2d3 by Markus Koschany at 2019-07-10T15:28:11Z
Reserve DLA-1851-1 for openjpeg2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1236,6 +1236,7 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
 	- openjpeg2 <unfixed> (bug #931292)
+	[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1185
 	NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
 	NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Jul 2019] DLA-1851-1 openjpeg2 - security update
+	{CVE-2016-9112 CVE-2018-20847}
+	[jessie] - openjpeg2 2.1.0-2+deb8u7
 [10 Jul 2019] DLA-1850-1 redis - security update
 	{CVE-2019-10192}
 	[jessie] - redis 2:2.8.17-1+deb8u7


=====================================
data/dla-needed.txt
=====================================
@@ -89,8 +89,6 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-openjpeg2 (Markus Koschany)
---
 otrs2 (Abhijith PA)
 --
 python3.4 (Jonas Meurer)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c086f4130a1428d202c57c79d305d8fbe24742ae...4813c2d3466afe44c2b78afaca3df6846e6a70a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c086f4130a1428d202c57c79d305d8fbe24742ae...4813c2d3466afe44c2b78afaca3df6846e6a70a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190710/3e3095db/attachment.html>
