[Git][security-tracker-team/security-tracker][master] Reserve DLA-3238-1 for pngcheck

Tobias Frost (@tobi) tobi at debian.org
Tue Dec 13 14:41:45 GMT 2022 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67e0c308 by Tobias Frost at 2022-12-13T15:41:28+01:00
Reserve DLA-3238-1 for pngcheck

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -158579,7 +158579,6 @@ CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 whe
 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
 	{DLA-3032-1}
 	- pngcheck 2.3.0-13 (bug #976350)
-	[buster] - pngcheck 2.3.0-7+deb10u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
 	NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Dec 2022] DLA-3238-1 pngcheck - security update
+	{CVE-2020-27818 CVE-2020-35511}
+	[buster] - pngcheck 3.0.3-1~deb10u2
 [12 Dec 2022] DLA-3237-1 node-tar - security update
 	{CVE-2021-37701 CVE-2021-37712}
 	[buster] - node-tar 4.4.6+ds1-3+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -232,10 +232,6 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
-pngcheck (tobi)
-  NOTE: 20221127: Programming language: C.
-  NOTE: 20221209: fixes available in newer upstream version, which had siginifant refactoring. https://lists.debian.org/debian-lts/2022/12/msg00010.html
---
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e0c308bfb8605d0b86f656611c9d58d9b819f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e0c308bfb8605d0b86f656611c9d58d9b819f1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221213/3feeb1ab/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list