[Git][security-tracker-team/security-tracker][master] one hylafax issue n/a in Debian
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 13 18:58:59 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c266f120 by Moritz Muehlenhoff at 2021-01-13T19:58:30+01:00
one hylafax issue n/a in Debian
openjpeg no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19217,6 +19217,7 @@ CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. T
NOT-FOR-US: github.com/crewjam/saml
CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...)
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1302
NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...)
@@ -19225,12 +19226,15 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions
NOTE: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1297
CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1294
CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...)
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1293
NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
CVE-2020-27840
@@ -19295,6 +19299,7 @@ CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in
CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
RESERVED
- openjpeg2 <unfixed>
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1286
NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d
CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2]
@@ -46710,9 +46715,7 @@ CVE-2020-15399
CVE-2020-15398
RESERVED
CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
- - hylafax <unfixed> (bug #964198)
- [buster] - hylafax <no-dsa> (Minor issue)
- [stretch] - hylafax <no-dsa> (Minor issue)
+ - hylafax <not-affected> (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian)
NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
- hylafax <unfixed> (bug #964198)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c266f120eaf0197c5e50e7f3d9b22c847790ce5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c266f120eaf0197c5e50e7f3d9b22c847790ce5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210113/09dc6b55/attachment.html>
More information about the debian-security-tracker-commits
mailing list