[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12973/openjpeg2

Sun Jun 30 19:49:01 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79214299 by Salvatore Bonaccorso at 2019-06-30T18:48:46Z
Add CVE-2019-12973/openjpeg2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -219,7 +219,11 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
-	TODO: check
+	- openjpeg2 <unfixed>
+	NOTE: https://github.com/uclouvain/openjpeg/pull/1185
+	NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
+	NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66
+	NOTE: Issue is similar to CVE-2018-6616.
 CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24689



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7921429966225de086da390e368f94e9ec8046b5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7921429966225de086da390e368f94e9ec8046b5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190630/32f325c7/attachment.html>
