Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f95756e4 by Moritz Muehlenhoff at 2020-08-29T19:26:59+02:00
thunderbird, lilypond, openexr DSAs
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -196440,7 +196440,6 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of
size 1 in the uncompress fun
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator
functio ...)
- openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196448,7 +196447,6 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of
size 2 in the = operator fu
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill
function in ...)
- openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196456,7 +196454,6 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of
size 1 in the refill functio
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the
bufferedReadPixels ...)
- openexr <unfixed> (low; bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
@@ -196471,7 +196468,6 @@ CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of
size 1 in the getBits functi
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE
function ...)
- openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,12 @@
+[29 Aug 2020] DSA-4756-1 lilypond - security update
+ {CVE-2020-17353}
+ [buster] - lilypond 2.19.81+really-2.18.2-13+deb10u1
+[29 Aug 2020] DSA-4755-1 openexr - security update
+ {CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2020-11758
CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763
CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306}
+ [buster] - openexr 2.2.1-4.1+deb10u1
+[29 Aug 2020] DSA-4754-1 thunderbird - security update
+ {CVE-2020-15664 CVE-2020-15669}
+ [buster] - thunderbird 1:68.12.0-1~deb10u1
[29 Aug 2020] DSA-4753-1 mupdf - security update
{CVE-2019-13290}
[buster] - mupdf 1.14.0+ds1-4+deb10u1
=====================================
data/dsa-needed.txt
=====================================
@@ -22,20 +22,14 @@ curl (ghedo)
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
--
-lilypond (jmm)
---
linux (carnil)
Wait until more issues have piled up
--
-openexr (jmm)
---
rails (jmm)
Sylvain Beucler proposed to help for the update, remaining CVEs to be done
--
teeworlds (jmm)
--
-thunderbird (jmm)
---
xcftools
Hugo proposed to work on this update
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95756e4844fe46333dcdf72d25b48218654a395
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f95756e4844fe46333dcdf72d25b48218654a395
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
