[Git][security-tracker-team/security-tracker][master] Reserve DLA-2667-1 for djvulibre

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a03ea860 by Sylvain Beucler at 2021-05-26T17:15:49+02:00
Reserve DLA-2667-1 for djvulibre

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5079,7 +5079,6 @@ CVE-2021-3500
 	RESERVED
 	- djvulibre 3.5.28-2 (bug #988215)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
 	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
@@ -111398,7 +111397,6 @@ CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function
 	{DLA-1985-1}
 	- djvulibre 3.5.27.1-14 (bug #945114)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/309/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
 CVE-2019-18803
@@ -124984,28 +124982,24 @@ CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service a
 	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/298/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
 CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
 	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/299/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
 CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
 	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/297/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
 CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
 	{DLA-1902-1}
 	- djvulibre 3.5.27.1-11 (low)
 	[buster] - djvulibre <no-dsa> (Minor issue)
-	[stretch] - djvulibre <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/djvu/bugs/296/
 	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
 CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 May 2021] DLA-2667-1 djvulibre - security update
+	{CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493}
+	[stretch] - djvulibre 3.5.27.1-7+deb9u1
 [24 May 2021] DLA-2666-1 libx11 - security update
 	{CVE-2021-31535}
 	[stretch] - libx11 2:1.6.4-3+deb9u4


=====================================
data/dla-needed.txt
=====================================
@@ -39,8 +39,6 @@ condor
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
   NOTE: 20210205: Some patches seems to be available but not clear if it solves the whole issue or not. (ola)
 --
-djvulibre (Sylvain Beucler)
---
 eterm (Utkarsh)
   NOTE: 20210521: src/term.c:process_escape_seq(), probably just disable vulnerable escape sequence
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a03ea860d260b8a2ef7aa67526221859b187d50b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a03ea860d260b8a2ef7aa67526221859b187d50b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210526/d99a6130/attachment.htm>