[Git][security-tracker-team/security-tracker][master] Reserve DLA-3754-1 for fontforge
Adrian Bunk (@bunk)
bunk at debian.org
Thu Mar 7 23:03:18 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
afd03b29 by Adrian Bunk at 2024-03-08T01:02:57+02:00
Reserve DLA-3754-1 for fontforge
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -299331,7 +299331,6 @@ CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect t
NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
- fontforge 1:20201107~dfsg-1 (bug #948231)
- [buster] - fontforge <no-dsa> (Minor issue)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/4085
@@ -299549,7 +299548,6 @@ CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6,
NOT-FOR-US: VMware
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
- fontforge 1:20201107~dfsg-1 (bug #948231)
- [buster] - fontforge <no-dsa> (Minor issue)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/4084
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Mar 2024] DLA-3754-1 fontforge - security update
+ {CVE-2020-5395 CVE-2020-5496 CVE-2024-25081 CVE-2024-25082}
+ [buster] - fontforge 1:20170731~dfsg-1+deb10u1
[06 Mar 2024] DLA-3753-1 yard - security update
{CVE-2019-1020001 CVE-2024-27285}
[buster] - yard 0.9.16-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -101,9 +101,6 @@ exiftags
expat
NOTE: 20240306: Added by Front-Desk (opal)
--
-fontforge (Adrian Bunk)
- NOTE: 20240306: Added by Front-Desk (opal)
---
freeimage
NOTE: 20240121: Added by Front-Desk (apo)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afd03b2915fb9afbb3ac5849fd89f01080b8714e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afd03b2915fb9afbb3ac5849fd89f01080b8714e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240307/d389b805/attachment.htm>
More information about the debian-security-tracker-commits
mailing list