[Git][security-tracker-team/security-tracker][master] Reserve DLA-2868-1 for advancecomp

Adrian Bunk (@bunk) bunk at debian.org
Wed Dec 29 21:37:35 GMT 2021



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d16ccec by Adrian Bunk at 2021-12-29T23:37:22+02:00
Reserve DLA-2868-1 for advancecomp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -182465,7 +182465,6 @@ CVE-2019-9211 (There is a reachable assertion abort in the function write_long_s
 CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer  ...)
 	{DLA-1702-1}
 	- advancecomp 2.1-2 (low; bug #923416)
-	[stretch] - advancecomp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/277/
 	NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
 CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...)
@@ -184872,7 +184871,6 @@ CVE-2019-8384
 	RESERVED
 CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory  ...)
 	- advancecomp 2.1-2.1 (bug #928730)
-	[stretch] - advancecomp <no-dsa> (Minor issue)
 	[jessie] - advancecomp <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/272/
 	NOTE: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
@@ -184886,7 +184884,6 @@ CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer deref
 	NOT-FOR-US: Bento4
 CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
 	- advancecomp 2.1-2.1 (bug #928729)
-	[stretch] - advancecomp <no-dsa> (Minor issue)
 	[jessie] - advancecomp <ignored> (Minor issue)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/271/
 	NOTE: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
@@ -259473,7 +259470,6 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from
 CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
 	{DLA-1702-1 DLA-1281-1}
 	- advancecomp 2.1-1 (bug #889270)
-	[stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://sourceforge.net/p/advancemame/bugs/259/
 	NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
 CVE-2018-1055


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2021] DLA-2868-1 advancecomp - security update
+	{CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210}
+	[stretch] - advancecomp 1.20-1+deb9u1
 [29 Dec 2021] DLA-2857-2 postgis - regression update
 	[stretch] - postgis 2.3.1+dfsg-2+deb9u2
 [29 Dec 2021] DLA-2867-1 spip - security update


=====================================
data/dla-needed.txt
=====================================
@@ -12,8 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
---
-advancecomp (Adrian Bunk)
 --
 agg (Adrian Bunk)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d16ccec10537c184b3f83ba609f44ea8e454d0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d16ccec10537c184b3f83ba609f44ea8e454d0f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211229/19cbf5b7/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list