[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch
Markus Koschany (@apo)
apo at debian.org
Tue May 31 15:39:35 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55c12562 by Markus Koschany at 2022-05-31T16:38:42+02:00
CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch
- - - - -
c912b00d by Markus Koschany at 2022-05-31T16:39:24+02:00
Reserve DLA-3037-1 for libjpeg-turbo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -234641,7 +234641,6 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
- libjpeg-turbo 1:2.0.5-1 (low)
[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
NOTE: https://source.android.com/security/bulletin/2019-11-01
NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2022] DLA-3037-1 libjpeg-turbo - security update
+ {CVE-2019-2201}
+ [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u2
[31 May 2022] DLA-3036-1 pjproject - security update
{CVE-2022-24763 CVE-2022-24792 CVE-2022-24793}
[stretch] - pjproject 2.5.5~dfsg-6+deb9u5
=====================================
data/dla-needed.txt
=====================================
@@ -140,11 +140,6 @@ lemonldap-ng
NOTE: 20220529: Programming language: Perl.
NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk)
--
-libjpeg-turbo (Markus Koschany)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220523: Follow buster: harmonize with with Debian 10.7 (only 1 CVE but last
- NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk)
---
liblouis (Andreas Rönnquist)
NOTE: 20220529: Programming language: C.
NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220531/97cef747/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list