[Git][security-tracker-team/security-tracker][master] openjpeg2 DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 27 19:20:59 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ed4e824 by Moritz Mühlenhoff at 2025-01-27T20:20:45+01:00
openjpeg2 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55013,7 +55013,6 @@ CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988.
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1470
 CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...)
 	- openjpeg2 <unfixed> (bug #1081908)
-	[bookworm] - openjpeg2 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1472
 CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...)
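Review bot: The CVE-2023-39327 entry loses its bookworm triage line without gaining any record of what was fixed. The dropped line said "revisit when fixed upstream", the remaining "- openjpeg2 <unfixed> (bug #1081908)" line still marks unstable as unfixed, and the only reference left is the upstream issue #1472. Suggest adding a NOTE line naming the patch or upstream commit that the bookworm update carries, so the bookworm status can be checked against it later.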
@@ -290248,7 +290247,6 @@ CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefende
 	NOT-FOR-US: Bitdefender
 CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
 	- openjpeg2 <unfixed> (bug #989775)
-	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	[bullseye] - openjpeg2 <no-dsa> (Minor issue)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
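Review bot: With the bookworm line gone, CVE-2021-3575 is left with "<unfixed>" for unstable and "<no-dsa> (Minor issue)" for bullseye, buster and stretch, while the same commit lists it in a DSA for bookworm. If unstable already carries the fix, the "<unfixed>" line should get a version; if not, bookworm ends up ahead of unstable for this CVE and that is worth a NOTE. The "Minor issue" triage on bullseye may also deserve a second look now that the CVE is part of a DSA.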


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2025] DSA-5851-1 openjpeg2 - security update
+	{CVE-2021-3575 CVE-2023-39327 CVE-2024-56826 CVE-2024-56827}
+	[bookworm] - openjpeg2 2.5.0-2+deb12u1
 [26 Jan 2025] DSA-5850-1 git - security update
 	{CVE-2024-50349 CVE-2024-52006}
 	[bookworm] - git 1:2.39.5-0+deb12u2
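Review bot: DSA-5851-1 lists four CVEs, but the data/CVE/list hunks in this commit only touch CVE-2021-3575 and CVE-2023-39327. Please confirm that the entries for CVE-2024-56826 and CVE-2024-56827 carry no leftover "[bookworm]" annotation (such as "<no-dsa>" or "<postponed>") that would conflict with the 2.5.0-2+deb12u1 fixed version recorded here.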


=====================================
data/dsa-needed.txt
=====================================
@@ -43,8 +43,6 @@ nodejs
 --
 openjdk-17 (jmm)
 --
-openjpeg2 (jmm)
---
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed4e824bb33111ec3be075fcf3f2281b9a945aa
