[Git][security-tracker-team/security-tracker][master] twisted, libheif DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 25 19:08:52 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e20cdfbb by Moritz Mühlenhoff at 2024-10-25T20:08:22+02:00
twisted, libheif DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -85427,7 +85427,6 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violati
 	NOTE: Crash in CLI tool, no security impact (only affects example tool shipped in libheif-examples)
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
 	- libheif 1.17.6-1 (bug #1059151)
-	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
 	[buster] - libheif <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/strukturag/libheif/issues/1043
@@ -92363,7 +92362,6 @@ CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a
 	NOT-FOR-US: era-compiler-vyper
 CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...)
 	- twisted 23.10.0-1 (bug #1054913)
-	[bookworm] - twisted <no-dsa> (Minor issue)
 	[bullseye] - twisted <no-dsa> (Minor issue)
 	[buster] - twisted <no-dsa> (Minor issue)
 	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
@@ -120675,7 +120673,6 @@ CVE-2023-29660
 	RESERVED
 CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
 	- libheif 1.16.2-1 (bug #1035607)
-	[bookworm] - libheif <no-dsa> (Minor issue)
 	[bullseye] - libheif <no-dsa> (Minor issue)
 	[buster] - libheif <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libheif/issues/794


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[25 Oct 2024] DSA-5797-1 twisted - security update
+	{CVE-2023-46137 CVE-2024-41671 CVE-2024-41810}
+	[bookworm] - twisted 22.4.0-4+deb12u1
+[25 Oct 2024] DSA-5796-1 libheif - security update
+	{CVE-2023-29659 CVE-2023-49462 CVE-2024-41311}
+	[bookworm] - libheif 1.15.1-1+deb12u1
 [21 Oct 2024] DSA-5795-1 python-sql - security update
 	{CVE-2024-9774}
 	[bookworm] - python-sql 1.4.0-1+deb12u1
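Review bot: The braces in the two new entries name CVE-2024-41671, CVE-2024-41810 and CVE-2024-41311, none of which is touched by the data/CVE/list hunks in this commit; those hunks only drop the bookworm `<no-dsa>` lines for CVE-2023-46137, CVE-2023-49462 and CVE-2023-29659. Please confirm that the three untouched records carry no leftover `[bookworm]` annotation that would contradict the fixed versions 22.4.0-4+deb12u1 and 1.15.1-1+deb12u1 recorded here.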


=====================================
data/dsa-needed.txt
=====================================
@@ -12,7 +12,7 @@ To pick an issue, simply add your uid behind it.
 If needed, specify the release by adding a slash after the name of the source package.
 
 --
-activemq
+activemq (jmm)
   Santiago started to work on an update for bookworm
   https://lists.debian.org/debian-lts/2024/10/msg00014.html
 --
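Review bot: The new claim `activemq (jmm)` sits directly above the unchanged note `Santiago started to work on an update for bookworm`, so the entry now names one person as owner and another as having started the work. A short added line saying how the work is split or handed over would remove the ambiguity. The commit message "twisted, libheif DSA" also does not mention this claim, so consider either noting it there or committing it separately.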
@@ -23,8 +23,6 @@ chromium (dilinger)
 frr
   coordination with the maintainer ongoing
 --
-libheif (jmm)
---
 libreswan
   Waiting on feedback from maintainer
 --
@@ -45,8 +43,6 @@ smarty3
 --
 smarty4
 --
-twisted (jmm)
---
 xen
 --
 zabbix



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e20cdfbb92e0fef2280c6dddf113fa8d3852c1c0
