[Git][security-tracker-team/security-tracker][master] update additional jpeg-xl issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 26 15:57:24 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6498e87 by Moritz Muehlenhoff at 2022-09-26T16:56:54+02:00
update additional jpeg-xl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84891,9 +84891,10 @@ CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/ex
 	NOTE: https://github.com/libjxl/libjxl/pull/313
 	NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
 CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
-	- jpeg-xl <unfixed>
+	- jpeg-xl <unfixed> (unimportant)
 	NOTE: https://github.com/libjxl/libjxl/issues/422
 	NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
+	NOTE: Negligible security impact
 CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
 	- sqlite3 3.36.0-2 (unimportant)
 	[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
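Review bot: The NOTE added to CVE-2021-36691 gives the conclusion ("Negligible security impact") but not the reasoning behind it. The entry stays <unfixed> and is now tagged (unimportant), so anyone re-triaging it later has only the truncated description ("Assertion failed issue in lib/jxl/image ...") and two upstream issue links to go on. Suggest extending the NOTE with the actual reason the assertion failure is considered harmless, so the severity decision can be checked without re-reading issues 422 and 762.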
@@ -107086,7 +107087,7 @@ CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rus
 CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There  ...)
 	NOT-FOR-US: Rust crate bam
 CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
-	- jpeg-xl <itp> (bug #948862)
+	- jpeg-xl <not-affected> (Fixed before initial release)
 CVE-2021-28025
 	RESERVED
 CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk  ...)
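Review bot: The CVE-2021-28026 entry loses its only cross-reference (bug #948862) and gains no NOTE in return, so "Fixed before initial release" cannot be verified from the entry itself. The description names v0.3.2 as affected; suggest adding a NOTE with the upstream fix commit or fixed version, in the style of the CVE-2021-36692 entry above ("NOTE: https://github.com/libjxl/libjxl/commit/... (v0.5)"), so the claim that the packaged version already contains the fix is traceable.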
@@ -107628,7 +107629,7 @@ CVE-2021-27806
 CVE-2021-27805
 	RESERVED
 CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...)
-	- jpeg-xl <itp> (bug #948862)
+	- jpeg-xl <not-affected> (Fixed before initial release)
 CVE-2021-27802
 	REJECTED
 CVE-2021-27801
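Review bot: "Fixed before initial release" on CVE-2021-27804 is ambiguous about whose release is meant. The description says JPEG XL "through 0.3.2" is affected, so upstream did release vulnerable versions; the reason string presumably refers to the first upload of jpeg-xl to Debian. Suggest wording it as such (for example "Fixed before initial upload to Debian") here and in the identical line for CVE-2021-28026, so the entry does not read as contradicting the CVE description.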



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6498e8745d4dfa8186cbda7f24ac06651092ae3
