[Git][security-tracker-team/security-tracker][master] DSA-5032-1 djvulibre

Tue Dec 28 14:28:19 GMT 2021


Florian Weimer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8ac6bc4 by Florian Weimer at 2021-12-28T15:27:51+01:00
DSA-5032-1 djvulibre

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -40016,7 +40016,6 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present
 CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in  ...)
 	{DLA-2667-1}
 	- djvulibre 3.5.28-2 (bug #988215)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
 	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
@@ -148936,7 +148935,6 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
 	{DLA-2667-1 DLA-1985-1}
 	- djvulibre 3.5.27.1-14 (bug #945114)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/309/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
 CVE-2019-18803
@@ -162515,25 +162513,21 @@ CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 byt
 CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack  ...)
 	{DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/298/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
 CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
 	{DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/299/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
 CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
 	{DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/297/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
 CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
 	{DLA-2667-1 DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
-	[buster] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/296/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
 CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Dec 2021] DSA-5032-1 djvulibre - security update
+	{CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493}
+	[buster] - djvulibre 3.5.27.1-10+deb10u1
 [23 Dec 2021] DSA-5031-1 wpewebkit - security update
 	{CVE-2021-30887 CVE-2021-30890}
 	[bullseye] - wpewebkit 2.34.3-1~deb11u1


=====================================
data/dsa-needed.txt
=====================================
@@ -25,8 +25,6 @@ chromium
 --
 condor
 --
-djvulibre (fw)
---
 faad2/oldstable (jmm)
 --
 fort-validator (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8ac6bc4e5bb4187752620e9d7fe03b45eb08810

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8ac6bc4e5bb4187752620e9d7fe03b45eb08810
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211228/37235a62/attachment-0001.htm>
