[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-16375/openjpeg2 is already fixed in >= bullseye

Sat Aug 9 17:02:43 BST 2025


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3314bb by Adrian Bunk at 2025-08-09T18:46:33+03:00
CVE-2018-16375/openjpeg2 is already fixed in >= bullseye

- - - - -
abe303a1 by Adrian Bunk at 2025-08-09T18:50:42+03:00
CVE-2018-20846/openjpeg2 is already fixed in >= bullseye

- - - - -
abdab04b by Adrian Bunk at 2025-08-09T19:01:37+03:00
CVE-2017-17479/openjpeg2 is already fixed in >= buster

Same fixing commit as CVE-2017-17480

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -491105,8 +491105,8 @@ CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the
 	NOTE: https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
 	NOTE: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845
 CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...)
-	- openjpeg2 <unfixed> (unimportant)
-	NOTE: https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
+	- openjpeg2 2.3.1-1 (unimportant)
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc (v2.3.1)
 	NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
 CVE-2018-20845 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
 	- openjpeg2 2.3.1-1 (unimportant)
@@ -536570,8 +536570,9 @@ CVE-2018-16376 (An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer o
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1127
 	NOTE: We build with -DBUILD_MJ2:BOOL=OFF
 CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...)
-	- openjpeg2 <unfixed> (unimportant)
+	- openjpeg2 2.3.1-1 (unimportant)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1126
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/619e1b086eaa21ebd9b23eb67deee543b07bf06f (v2.3.1)
 	NOTE: We build with -DBUILD_JPWL:BOOL=OFF
 CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.)
 	NOT-FOR-US: Frog CMS
@@ -578400,10 +578401,11 @@ CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered
 	{DSA-4405-1 DLA-1579-1}
 	- openjpeg2 2.3.0-2 (bug #884738)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
-	NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
+	NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62 (v2.3.1)
 CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
-	- openjpeg2 <unfixed> (unimportant)
+	- openjpeg2 2.3.0-2 (unimportant)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
+	NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62 (v2.3.1)
 	NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
 CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...)
 	NOT-FOR-US: Pegasystems Pega Platform



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/102bdec00846ba7ec5795170efe0299c2fce00d0...abdab04bf42879dc3872c2313958716fcd93e191

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/102bdec00846ba7ec5795170efe0299c2fce00d0...abdab04bf42879dc3872c2313958716fcd93e191
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250809/62f834dd/attachment.htm>
