[Git][security-tracker-team/security-tracker][master] DSA for jpeg-xl
Aron Xu (@aron)
aron at debian.org
Fri Jul 4 08:00:39 BST 2025
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c282e89 by Aron Xu at 2025-07-04T15:00:20+08:00
DSA for jpeg-xl
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -69082,7 +69082,6 @@ CVE-2024-11646 (A vulnerability classified as critical was found in 1000 Project
CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A specifically-crafted ...)
[experimental] - jpeg-xl 0.10.4-1
- jpeg-xl 0.10.4-2 (bug #1088818)
- [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE: https://github.com/libjxl/libjxl/pull/3943
NOTE: https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions prior to c ...)
@@ -191770,7 +191769,6 @@ CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templ
CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...)
[experimental] - jpeg-xl 0.8.2-1
- jpeg-xl 0.8.2-4 (bug #1055306)
- [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE: https://github.com/libjxl/libjxl/pull/2551
NOTE: https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226
CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...)
@@ -215706,7 +215704,6 @@ CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
[experimental] - jpeg-xl 0.8.2-1
- jpeg-xl 0.8.2-4 (bug #1034722)
- [bookworm] - jpeg-xl <no-dsa> (Minor issue)
NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Jul 2025] DSA-5958-1 jpeg-xl - security update
+ {CVE-2023-0645 CVE-2023-35790 CVE-2024-11403 CVE-2024-11498}
+ [bookworm] - jpeg-xl 0.7.0-10+deb12u1
[03 Jul 2025] DSA-5957-1 mediawiki - security update
{CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594 CVE-2025-6595 CVE-2025-6597 CVE-2025-6926 CVE-2025-32072}
[bookworm] - mediawiki 1:1.39.13-1~deb12u1
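Review bot: The CVE set on the second added line names CVE-2024-11403, but none of the three data/CVE/list hunks in this commit touches that entry. Those hunks drop the bookworm "<no-dsa> (Minor issue)" tag only from CVE-2024-11498, CVE-2023-35790 and CVE-2023-0645, and CVE-2024-11403 appears there only as a trailing context line. Please confirm that its entry carries no bookworm tag that would conflict with the 0.7.0-10+deb12u1 fix recorded here, and remove it in this same commit if it does.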
=====================================
data/dsa-needed.txt
=====================================
@@ -26,8 +26,6 @@ gh
--
guix
--
-jpeg-xl (aron)
---
libreswan
Waiting on feedback from maintainer
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c282e8959d2c3a057c4e0dc9e28b78bea4d32e6