[Git][security-tracker-team/security-tracker][master] CVE-2024-25{47,48,50}/imlib2 do not affect buster
Adrian Bunk (@bunk)
bunk at debian.org
Mon Mar 18 22:24:00 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab54c701 by Adrian Bunk at 2024-03-19T00:22:17+02:00
CVE-2024-25{47,48,50}/imlib2 do not affect buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9494,23 +9494,26 @@ CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug
CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in the fun ...)
- imlib2 1.10.0-2
[bullseye] - imlib2 <no-dsa> (Minor issue)
- [buster] - imlib2 <no-dsa> (Minor issue)
+ [buster] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/derf/feh/issues/712
NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+ NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 ...)
- imlib2 1.10.0-2
[bullseye] - imlib2 <no-dsa> (Minor issue)
- [buster] - imlib2 <no-dsa> (Minor issue)
+ [buster] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/derf/feh/issues/711
NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+ NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of imlib2 ...)
- imlib2 1.10.0-2
[bullseye] - imlib2 <no-dsa> (Minor issue)
- [buster] - imlib2 <no-dsa> (Minor issue)
+ [buster] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/derf/feh/issues/709
NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
+ NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25446 (An issue in the HuginBase::PTools::setDestImage function of Hugin v202 ...)
- hugin 2023.0~beta1+dfsg-1 (unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab54c7018fbef3ca1051ce1d959e8120d0098dd2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab54c7018fbef3ca1051ce1d959e8120d0098dd2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240318/c6025e11/attachment.htm>
More information about the debian-security-tracker-commits
mailing list