[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: update freeimage
Hugo Lefeuvre
hle at debian.org
Sat Nov 23 09:27:52 GMT 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b644870 by Hugo Lefeuvre at 2019-11-23T09:27:06Z
dla-needed: update freeimage
- - - - -
a4ccc7dc by Hugo Lefeuvre at 2019-11-23T09:27:06Z
CVE-2019-1221{1,3}/freeimage: add commit links
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -23697,6 +23697,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
+ NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...)
- freeimage <unfixed> (bug #929597)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
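Review bot: The NOTE added to CVE-2019-12213 is a bare URL, and the two `<postponed>` lines directly above it still give the reason "Revisit when upstream fixes are available". If r1825 is the upstream fix, say so in the note text and revisit the postponed reason in the same change, so the entry does not both wait for a fix and link to one. The CVE-2019-12212 entry that follows has the same postponed state and gets no link, which matches the commit subject, but nothing here tells a reader whether r1825 leaves that issue open.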
@@ -23707,6 +23708,7 @@ CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to th
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
+ NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug ...)
- pam-u2f 1.0.8-1 (low; bug #930023)
[buster] - pam-u2f 1.0.7-1+deb10u1
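Review bot: The NOTE added to CVE-2019-12211 points to the same revision, r1825, as the one added to CVE-2019-12213 in the previous hunk, and neither note says which part of that revision addresses which issue. Add a few words to each note on what r1825 changes for that CVE, so that someone preparing the buster or stretch update does not have to work out the split from the upstream diff.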
=====================================
data/dla-needed.txt
=====================================
@@ -24,10 +24,8 @@ bind9 (Thorsten Alteholz)
NOTE: no point release in Jessie, so fix it here
--
freeimage (hle)
- NOTE: Maintainer will take care of the update.
- NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
- NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
NOTE: 20191028: submitted a patch for CVE-2019-12211, see Debian bug report
+ NOTE: 20191123: upstream appears to have merged a modified version of my patch
--
ibus
NOTE: 20191020: Fix for regression in KDE apps still not available (apo)
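Review bot: Dropping the 20190707 line removes the only bug URL in the freeimage entry, while the retained 20191028 line still says "see Debian bug report" without a number. If bug 929597 is the report meant, name it in the 20191028 note. The new 20191123 note would also be easier to act on if it cited the upstream revision it refers to and stated what remains to be done for the update, since "appears to have merged a modified version" leaves open whether the modified patch has been checked.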
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a524583d2345743e834ef71e0d40548097c15055...a4ccc7dcb8112cd2d816c9aaa0d7bb57cc9b0a39