[Git][security-tracker-team/security-tracker][master] 3 commits: add exiv2
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Sep 26 18:21:22 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a86b965a by Thorsten Alteholz at 2021-09-26T19:18:32+02:00
add exiv2
- - - - -
9eacc86f by Thorsten Alteholz at 2021-09-26T19:18:59+02:00
add faad2
- - - - -
604a63bf by Thorsten Alteholz at 2021-09-26T19:20:56+02:00
mark some CVEs of libsixel as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -78985,11 +78985,13 @@ CVE-2020-21549
CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/116
NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/114
NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21546
@@ -80016,16 +80018,19 @@ CVE-2020-21051
CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3)
NOTE: https://github.com/saitoha/libsixel/issues/75
CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/74
NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5)
CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...)
- libsixel 1.8.6-1
[buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/73
NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4)
NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
=====================================
data/dla-needed.txt
=====================================
@@ -35,6 +35,10 @@ debian-archive-keyring (Utkarsh)
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
--
+exiv2 (Thorsten Alteholz)
+--
+faad2 (Thorsten Alteholz)
+--
ffmpeg (Anton Gladky)
NOTE: probably wait until stuff is fixed in Buster
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/053ec9792b45cd6331467748878b08c81babe006...604a63bf6b31f49a9207aff66df2d0e32dc09e59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/053ec9792b45cd6331467748878b08c81babe006...604a63bf6b31f49a9207aff66df2d0e32dc09e59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210926/67370dfa/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list