[Git][security-tracker-team/security-tracker][master] djvulibre: reference upstream patches

Sylvain Beucler (@beuc) beuc at debian.org
Tue May 25 16:55:58 BST 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12af51f2 by Sylvain Beucler at 2021-05-25T17:54:33+02:00
djvulibre: reference upstream patches
CVE-2021-3500
CVE-2021-32490
CVE-2021-32491
CVE-2021-32492
CVE-2021-32493

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2348,18 +2348,22 @@ CVE-2021-32493
 	RESERVED
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
+	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
 CVE-2021-32492
 	RESERVED
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
+	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
 CVE-2021-32491
 	RESERVED
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
+	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
 CVE-2021-32490
 	RESERVED
 	- djvulibre 3.5.28-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
+	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
 CVE-2021-3541
 	RESERVED
 	- libxml2 2.9.10+dfsg-6.7 (bug #988603)
@@ -5005,6 +5009,7 @@ CVE-2021-3500
 	[stretch] - djvulibre <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
 	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
+	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
 CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
 	NOT-FOR-US: dio package for Dart
 CVE-2021-31401



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12af51f2605e7c64eb21083038d61621a9c8a7c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12af51f2605e7c64eb21083038d61621a9c8a7c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210525/e219f6d8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list