[Git][security-tracker-team/security-tracker][master] openjpeg2 DSA

Mon Jan 27 19:20:59 GMT 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ed4e824 by Moritz Mühlenhoff at 2025-01-27T20:20:45+01:00
openjpeg2 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55013,7 +55013,6 @@ CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988.
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1470
 CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...)
 	- openjpeg2 <unfixed> (bug #1081908)
-	[bookworm] - openjpeg2 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1472
 CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...)
@@ -290248,7 +290247,6 @@ CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefende
 	NOT-FOR-US: Bitdefender
 CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
 	- openjpeg2 <unfixed> (bug #989775)
-	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2025] DSA-5851-1 openjpeg2 - security update
+	{CVE-2021-3575 CVE-2023-39327 CVE-2024-56826 CVE-2024-56827}
+	[bookworm] - openjpeg2 2.5.0-2+deb12u1
 [26 Jan 2025] DSA-5850-1 git - security update
 	{CVE-2024-50349 CVE-2024-52006}
 	[bookworm] - git 1:2.39.5-0+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -43,8 +43,6 @@ nodejs
 --
 openjdk-17 (jmm)
 --
-openjpeg2 (jmm)
---
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed4e824bb33111ec3be075fcf3f2281b9a945aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed4e824bb33111ec3be075fcf3f2281b9a945aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250127/c68fee95/attachment-0001.htm>
