[Git][security-tracker-team/security-tracker][master] openjpeg2 DSA

Moritz Muehlenhoff (@jmm) Mon, 27 Jan 2025 11:21:12 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7ed4e824 by Moritz Mühlenhoff at 2025-01-27T20:20:45+01:00
openjpeg2 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55013,7 +55013,6 @@ CVE-2023-39328 (A vulnerability was found in OpenJPEG 
similar to CVE-2019-6988.
        NOTE: https://github.com/uclouvain/openjpeg/pull/1470
 CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures 
can cau ...)
        - openjpeg2 <unfixed> (bug #1081908)
-       [bookworm] - openjpeg2 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1472
 CVE-2024-6526 (A vulnerability classified as problematic has been found in 
CodeIgnite ...)
@@ -290248,7 +290247,6 @@ CVE-2021-3576 (Execution with Unnecessary Privileges 
vulnerability in Bitdefende
        NOT-FOR-US: Bitdefender
 CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in 
color.c:379:42 i ...)
        - openjpeg2 <unfixed> (bug #989775)
-       [bookworm] - openjpeg2 <no-dsa> (Minor issue)
        [bullseye] - openjpeg2 <no-dsa> (Minor issue)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        [stretch] - openjpeg2 <no-dsa> (Minor issue)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2025] DSA-5851-1 openjpeg2 - security update
+       {CVE-2021-3575 CVE-2023-39327 CVE-2024-56826 CVE-2024-56827}
+       [bookworm] - openjpeg2 2.5.0-2+deb12u1
 [26 Jan 2025] DSA-5850-1 git - security update
        {CVE-2024-50349 CVE-2024-52006}
        [bookworm] - git 1:2.39.5-0+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -43,8 +43,6 @@ nodejs
 --
 openjdk-17 (jmm)
 --
-openjpeg2 (jmm)
---
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed4e824bb33111ec3be075fcf3f2281b9a945aa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ed4e824bb33111ec3be075fcf3f2281b9a945aa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] openjpeg2 DSA

Reply via email to