[Git][security-tracker-team/security-tracker][master] Reserve DLA-2975-1 for openjpeg2

Anton Gladky (@gladk) gladk at debian.org
Sun Apr 10 13:23:25 BST 2022



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c681532d by Anton Gladky at 2022-04-10T14:23:08+02:00
Reserve DLA-2975-1 for openjpeg2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -67643,7 +67643,6 @@ CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to c
 	- openjpeg2 2.4.0-4 (bug #987276)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
-	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1338
 	NOTE: https://github.com/uclouvain/openjpeg/commit/79c7d7af598b778c3cdcb455df23d50efc95eb3c
 CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users  ...)
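Review bot: In the CVE-2021-29338 entry, removing the `[stretch]` line leaves `[bullseye]` and `[buster]` still marked `<no-dsa> (Minor issue)`, so once DLA-2975-1 is out the oldest release is fixed while the two newer ones are not. A host upgraded from stretch to buster would lose the fix for this integer overflow. Consider proposing the upstream commit named in the NOTE line for the buster and bullseye point releases, or add a NOTE recording why they stay unfixed.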
@@ -102372,13 +102371,11 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions
 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
 	{DSA-4882-1}
 	- openjpeg2 2.4.0-1 (bug #983663)
-	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1297
 	NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0)
 CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
 	{DSA-4882-1}
 	- openjpeg2 2.4.0-1
-	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1294
 	NOTE: Commit-Fix (#1294 is still opened though)  https://github.com/uclouvain/openjpeg/commit/fbd30b064f8f9607d500437b6fedc41431fd6cdc
 CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...)
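Review bot: For CVE-2020-27843 and CVE-2020-27842, the NOTE lines that remain describe the upstream state as "Partial fix (preventing the out of bounds access)" and as a commit whose issue "#1294 is still opened though", yet dropping the `[stretch]` lines lets stretch read as fully fixed by the DLA. Confirm that 2.1.2-1.1+deb9u7 carries these two commits, and consider a NOTE stating that the stretch backport has the same partial scope, so the tracker status is not read as more complete than upstream's.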


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Apr 2022] DLA-2975-1 openjpeg2 - security update
+	{CVE-2020-27842 CVE-2020-27843 CVE-2021-29338 CVE-2022-1122}
+	[stretch] - openjpeg2 2.1.2-1.1+deb9u7
 [10 Apr 2022] DLA-2974-1 fribidi - security update
 	{CVE-2022-25308 CVE-2022-25309 CVE-2022-25310}
 	[stretch] - fribidi 0.19.7-1+deb9u2
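Review bot: The new DLA-2975-1 entry lists four CVEs, but the data/CVE/list hunks in this commit only drop `[stretch]` `<no-dsa>` lines for three of them (CVE-2020-27842, CVE-2020-27843, CVE-2021-29338); nothing is touched for CVE-2022-1122. Check that its entry has no leftover `[stretch]` marker that would contradict the fixed version 2.1.2-1.1+deb9u7, and remove it in the same commit if it does.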


=====================================
data/dla-needed.txt
=====================================
@@ -109,9 +109,6 @@ nvidia-graphics-drivers
    NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
    NOTE: 20220209: backport (apo)
 --
-openjpeg2 (Anton)
-  NOTE: 20220330: also align with DSA-4882-1 (Beuc)
---
 openvpn
   NOTE: 20220402: harmonize with buster/10.10 (Beuc)
 --
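Review bot: The removed dla-needed.txt entry carried the request "also align with DSA-4882-1 (Beuc)", and the only CVEs visibly tagged `{DSA-4882-1}` that DLA-2975-1 picks up are CVE-2020-27842 and CVE-2020-27843. Before dropping the entry, verify that every other CVE covered by DSA-4882-1 is either fixed or explicitly marked for stretch in data/CVE/list (CVE-2020-27841 and CVE-2020-27844 appear in the neighbouring context of that file but are not in the DLA). Otherwise the alignment request disappears without a record of how it was resolved.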



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c681532d788c577cb5f11b5020d49095bbf1973a
