Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3f74d6e by Salvatore Bonaccorso at 2025-08-10T12:58:12+02:00
Triage openjpeg2 issues for bookworm and trixie
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -367,6 +367,7 @@ CVE-2025-51533 (An Insecure Direct Object Reference (IDOR)
in Sage DPW v2024_12_
NOT-FOR-US: Sage DPW
CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer
dereference ...)
- openjpeg2 2.5.3-1
+ [bookworm] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1505
NOTE: Fixed by:
https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37
(v2.5.1)
CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in
admin/template_file ...)
@@ -5787,6 +5788,7 @@ CVE-2023-41566 (OA EKP v16 was discovered to contain an
arbitrary download vulne
NOT-FOR-US: OA EKP
CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3
and earl ...)
- openjpeg2 <unfixed> (bug #1110443)
+ [trixie] - openjpeg2 <no-dsa> (Minor issue; can be fixed in point
release)
[bookworm] - openjpeg2 <not-affected> (Vulnerable code introduced later)
[bullseye] - openjpeg2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/uclouvain/openjpeg/pull/1573
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3f74d6e4663b0d6c9d3259bebc4879a57669f3e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3f74d6e4663b0d6c9d3259bebc4879a57669f3e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
