[Git][security-tracker-team/security-tracker][master] 2 commits: Claim hdf5 and libhtmlcleaner-java in dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Sun Aug 6 23:26:15 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31e15e03 by Markus Koschany at 2023-08-07T00:22:52+02:00
Claim hdf5 and libhtmlcleaner-java in dla-needed.txt

- - - - -
e06f3d17 by Markus Koschany at 2023-08-07T00:25:15+02:00
Triage remaining CVE for openimageio as no-dsa

Minor issues

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -31202,6 +31202,7 @@ CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::
 	- openimageio <unfixed> (bug #1034150)
 	[bookworm] - openimageio <no-dsa> (Minor issue)
 	[bullseye] - openimageio <no-dsa> (Minor issue)
+	[buster] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
 	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
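Review bot: The new `[buster]` line for CVE-2023-24473 copies the "(Minor issue)" reason from the bookworm and bullseye lines, with no NOTE recording that the affected TGAInput code was checked against buster's openimageio version. If the code is present, a short NOTE saying so would document the triage; if it is absent, `<not-affected>` would be the more accurate tag than `<no-dsa>`.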
@@ -31219,6 +31220,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::deco
 	- openimageio <unfixed> (bug #1034150)
 	[bookworm] - openimageio <no-dsa> (Minor issue)
 	[bullseye] - openimageio <no-dsa> (Minor issue)
+	[buster] - openimageio <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
 	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
 	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
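Review bot: Nothing in this entry says that CVE-2023-22845 and CVE-2023-24473 can be handled together, although both list the same bug #1034150, the same upstream PR and the same two commits. A one-line NOTE stating that the two share their upstream references would let a later buster update pick up both in one backport.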


=====================================
data/dla-needed.txt
=====================================
@@ -62,7 +62,7 @@ glib2.0 (santiago)
   NOTE: 20230710: WIP (santiago)
   NOTE: 20230724: buster should be ready. need if it's possible to run same reporter's fuzz test
 --
-hdf5
+hdf5 (Markus Koschany)
   NOTE: 20230318: Added by Front-Desk (utkarsh)
   NOTE: 20230318: Consider fixing all the no-dsa and postponed issues as well. (utkarsh)
   NOTE: 20230318: Enrico did some work around hdf5* packaging in the past, probably
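Review bot: The claim line `hdf5 (Markus Koschany)` uses a full name, while the neighbouring `glib2.0 (santiago)` entry and the existing NOTE lines use short handles. Consider the same handle form for consistency, and a dated NOTE under the entry so the claim date is visible in the file itself.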
@@ -78,7 +78,7 @@ imagemagick
   NOTE: 20230622: Added by Front-Desk (Beuc)
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk)
 --
-libhtmlcleaner-java
+libhtmlcleaner-java (Markus Koschany)
   NOTE: 20230806: Added by Front-Desk (gladk)
   NOTE: 20230806: https://github.com/amplafi/htmlcleaner/issues/13#issuecomment-1597626510
   NOTE: 20230806: Please, check the upper link, whether the patch can be got (gladk)
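Review bot: The claim on `libhtmlcleaner-java` leaves the front-desk question in the last NOTE line (whether a patch can be obtained from the linked upstream issue) unanswered. A follow-up dated NOTE with the outcome of that check would record whether a fix is actually available before work starts.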



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7424d3b91318bf9ee796f6be175c61e93684d5e...e06f3d1715ca8c01dabd773a7ec93c8e77b81d6a
