[Git][security-tracker-team/security-tracker][master] Add another openjpeg2 issue
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 2 09:21:09 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5f77489 by Salvatore Bonaccorso at 2025-01-02T10:20:17+01:00
Add another openjpeg2 issue
Note the text in the bugzilla entries and the referenced upstream issues
seem to match while OTOH the subject in bugzilla seems swapped. It is
not fully clear if the mapping
CVE-2024-56827 -> https://github.com/uclouvain/openjpeg/issues/1564
CVE-2024-56826 -> https://github.com/uclouvain/openjpeg/issues/1563
is the aimed one or the other way around and the CVEs are not yet
officially published at CVE database.
Thus add a TODO item to check with Red Hat secalert.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,13 @@
-CVE-2024-56826 [openjpeg heapoverflow in opj_j2k_add_tlmarker]
+CVE-2024-56827
+ - openjpeg2 <unfixed>
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1564
+ NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.3.5)
+ TODO: check with Red Hat secalert the correct mapping for CVE-2024-56826 and CVE-2024-56827
+CVE-2024-56826
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1563
- NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3)
+ NOTE: https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2 (v2.5.3)
+ TODO: check with Red Hat secalert the correct mapping for CVE-2024-56826 and CVE-2024-56827
CVE-2025-22214 (Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx? ...)
NOT-FOR-US: WordPress pluginEIS
CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builti ...)
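Review bot: the version tag on the commit NOTE added under CVE-2024-56827 reads "(v2.3.5)", while the removed NOTE for the same commit e492644fbded4c820ca55b5e50e598d346e850e8 and the new NOTE under CVE-2024-56826 both read "(v2.5.3)". This looks like a digit transposition; suggest changing it to "(v2.5.3)" so the fixed-version annotation on both entries agrees and nobody later reads the 56827 fix as having landed in a different release.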
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5f77489244fabc628bd8623398fff8334cc8c2d