[Git][security-tracker-team/security-tracker][master] Add two new jpeg-xl issues

Mon Nov 25 20:57:53 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c20c439 by Salvatore Bonaccorso at 2024-11-25T21:57:25+01:00
Add two new jpeg-xl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102,9 +102,12 @@ CVE-2024-11647 (A vulnerability, which was classified as critical, has been foun
 CVE-2024-11646 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
 	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A specifically-crafted  ...)
-	TODO: check
+	- jpeg-xl <unfixed>
+	NOTE: https://github.com/libjxl/libjxl/pull/3943
+	NOTE: https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
 CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions prior to c ...)
-	TODO: check
+	- jpeg-xl <unfixed>
+	NOTE: https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99
 CVE-2024-10710 (The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10709 (The YaDisk Files WordPress plugin through 1.2.5 does not validate and  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c20c43933078d17784b14a47def9173c61ad175

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c20c43933078d17784b14a47def9173c61ad175
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241125/9f177ec8/attachment.htm>
