[Git][security-tracker-team/security-tracker][master] Reserve DLA-4247-1 for djvulibre
Adrian Bunk (@bunk)
bunk at debian.org
Mon Jul 21 13:45:44 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6997942d by Adrian Bunk at 2025-07-21T15:45:29+03:00
Reserve DLA-4247-1 for djvulibre
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -306930,7 +306930,6 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a seg
CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...)
- djvulibre 3.5.28-2.2 (bug #1052669)
[bookworm] - djvulibre <ignored> (Minor issue)
- [bullseye] - djvulibre <no-dsa> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/344/
NOTE: Fixed by: (only IW44EncodeCodec.cpp changes): https://sourceforge.net/p/djvu/djvulibre-git/ci/05d00e831a5c55af2d407a513a9157a03449dc2c/
@@ -306944,7 +306943,6 @@ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...)
- djvulibre 3.5.28-2.2 (bug #1052668)
[bookworm] - djvulibre <ignored> (Minor issue)
- [bullseye] - djvulibre <no-dsa> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/345/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jul 2025] DLA-4247-1 djvulibre - security update
+ {CVE-2021-46310 CVE-2021-46312 CVE-2025-53367}
+ [bullseye] - djvulibre 3.5.28-2.2~deb11u1
[21 Jul 2025] DLA-4246-1 libowasp-esapi-java - security update
{CVE-2022-23457 CVE-2022-24891 CVE-2025-5878}
[bullseye] - libowasp-esapi-java 2.4.0.0-0+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -68,9 +68,6 @@ ckeditor
NOTE: 20241002: Added by Front-Desk (Beuc)
NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
--
-djvulibre
- NOTE: 20250707: Added by Front-Desk (apo)
---
dnsdist
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6997942d813f73a5c21f5920a66884d0e71f0321
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6997942d813f73a5c21f5920a66884d0e71f0321
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250721/fa7841b3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list