Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7ac5d178 by Emilio Pozuelo Monfort at 2021-03-16T13:22:57+01:00 CVE-2020-27844/openjpeg2 n/a on buster & stretch The issue was introduced during the development of 2.4.0 and fixed in that version, so was never in any version in Debian. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -30649,8 +30649,11 @@ CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions p NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 (v2.4.0) CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...) - openjpeg2 2.4.0-1 + [buster] - openjpeg2 <not-affected> (Vulnerable code introduced and fixed in 2.4.0) + [stretch] - openjpeg2 <not-affected> (Vulnerable code introduced and fixed in 2.4.0) NOTE: https://github.com/uclouvain/openjpeg/issues/1299 NOTE: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 (v2.4.0) + NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...) - openjpeg2 2.4.0-1 (bug #983663) [buster] - openjpeg2 <no-dsa> (Minor issue) ===================================== data/dla-needed.txt ===================================== @@ -72,11 +72,6 @@ opendmarc NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto) NOTE: 20210104: wait for other CVEs (abhijith) -- -openjpeg2 (Emilio) - NOTE: 20210316: CVE-2020-27844.patch exists in source (via DLA-2550-1), but - NOTE: 20210316: does not exist in debian/patches/series or is otherwise not - NOTE: 20210316: applied. See b8ffed3c021 for more. (lamby) --- php-pear -- pillow (Abhijith PA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5d178b243580aea3f6c91637511aa235d057d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5d178b243580aea3f6c91637511aa235d057d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits