[Git][security-tracker-team/security-tracker][master] CVE-2020-27844/openjpeg2 n/a on buster & stretch

Tue, 16 Mar 2021 05:23:32 -0700 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ac5d178 by Emilio Pozuelo Monfort at 2021-03-16T13:22:57+01:00
CVE-2020-27844/openjpeg2 n/a on buster & stretch

The issue was introduced during the development of 2.4.0 and fixed
in that version, so was never in any version in Debian.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -30649,8 +30649,11 @@ CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c 
of openjpeg in versions p
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
 (v2.4.0)
 CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in 
versions prior  ...)
        - openjpeg2 2.4.0-1
+       [buster] - openjpeg2 <not-affected> (Vulnerable code introduced and 
fixed in 2.4.0)
+       [stretch] - openjpeg2 <not-affected> (Vulnerable code introduced and 
fixed in 2.4.0)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1299
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
 (v2.4.0)
+       NOTE: Introduced by: 
https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This 
flaw all ...)
        - openjpeg2 2.4.0-1 (bug #983663)
        [buster] - openjpeg2 <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -72,11 +72,6 @@ opendmarc
   NOTE: 20201217: patch for CVE-2020-12460 has become available (roberto)
   NOTE: 20210104: wait for other CVEs (abhijith)
 --
-openjpeg2 (Emilio)
-  NOTE: 20210316: CVE-2020-27844.patch exists in source (via DLA-2550-1), but
-  NOTE: 20210316: does not exist in debian/patches/series or is otherwise not
-  NOTE: 20210316: applied. See b8ffed3c021 for more. (lamby)
---
 php-pear
 --
 pillow (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5d178b243580aea3f6c91637511aa235d057d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ac5d178b243580aea3f6c91637511aa235d057d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to