[Git][security-tracker-team/security-tracker][master] Update information for 3 imlib2 CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 12 20:26:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
726f7775 by Salvatore Bonaccorso at 2024-02-12T21:25:49+01:00
Update information for 3 imlib2 CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201,11 +201,20 @@ CVE-2024-25452 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug
 CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via t ...)
 	NOT-FOR-US: Bento4
 CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in the fun ...)
-	TODO: check
+	- imlib2 1.10.0-2
+	NOTE: https://github.com/derf/feh/issues/712
+	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 ...)
-	TODO: check
+	- imlib2 1.10.0-2
+	NOTE: https://github.com/derf/feh/issues/711
+	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of imlib2  ...)
-	TODO: check
+	- imlib2 1.10.0-2
+	NOTE: https://github.com/derf/feh/issues/709
+	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
 CVE-2024-25446 (An issue in the HuginBase::PTools::setDestImage function of Hugin v202 ...)
 	- hugin 2023.0~beta1+dfsg-1 (unimportant)
 	NOTE: Crash in CLI tool, no security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/726f77754eba5dc5a7300678f48146b031dd8023

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/726f77754eba5dc5a7300678f48146b031dd8023
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240212/7d384d35/attachment.htm>


More information about the debian-security-tracker-commits mailing list