[Git][security-tracker-team/security-tracker][master] CVE-2019-12214 update for openjpeg and freeimage
Ola Lundqvist (@opal)
opal at debian.org
Sun Apr 14 12:51:20 BST 2024
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08bd7be3 by Ola Lundqvist at 2024-04-14T13:48:42+02:00
CVE-2019-12214 update for openjpeg and freeimage
Updated the information for CVE-2019-12214 based on information in
https://lists.debian.org/debian-lts/2024/04/msg00081.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -347217,13 +347217,17 @@ CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of m
- freeimage <unfixed> (bug #947478)
[bookworm] - freeimage <postponed> (Revisit when upstream fixes are available)
[bullseye] - freeimage <postponed> (Revisit when upstream fixes are available)
- [buster] - freeimage <postponed> (Revisit when upstream fixes are available)
+ [buster] - freeimage <not-affected> (Do not include openjpeg copy since 3.10.0-3)
+ [buster] - openjpeg2 2.1.0-1
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
NOTE: very few information regarding this vulnerability, which is seemingly located
NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, this is
NOTE: nearly unfixable.
+ NOTE: Turned out that the issue is not in freeimage at all, but rather in openjpeg.
+ NOTE: For more information see https://lists.debian.org/debian-lts/2024/04/msg00058.html
+ NOTE: and more specifically https://lists.debian.org/debian-lts/2024/04/msg00081.html
CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...)
{DSA-4593-1 DLA-2031-1}
- freeimage 3.18.0+ds2-3 (bug #929597)
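Review bot: the added NOTE says the issue is "not in freeimage at all", but only the [buster] line is changed. The unscoped "- freeimage <unfixed> (bug #947478)" entry and the [bookworm], [bullseye], [stretch] and [jessie] "<postponed>" lines still track freeimage as affected. If the "Do not include openjpeg copy since 3.10.0-3" reasoning also holds for those suites, mark them the same way, or add a NOTE saying why buster differs. The new openjpeg2 entry is likewise scoped to [buster] only, with no unscoped "- openjpeg2" line, so the status of openjpeg2 in the other suites is left unstated. The older NOTE calling this "nearly unfixable" now sits beside a line recording a fixed openjpeg2 version and could be dropped or reworded.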
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08bd7be3935f565a9252bc5f9581885b405cc758