Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2f1d2047 by Ola Lundqvist at 2024-04-11T22:34:48+02:00 Changed wording since the term tool can be misunderstood. - - - - - 4a0e4e2a by Ola Lundqvist at 2024-04-11T22:34:50+02:00 Changed a some CVEs from no-dsa to postponed for freeimage. At the same time clarified that they can be fixed when uploading a correction for other vulnerabilities since there are patches available. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7204,7 +7204,7 @@ CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -7230,7 +7230,7 @@ CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -7241,37 +7241,37 @@ CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -7282,7 +7282,7 @@ CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -7293,13 +7293,13 @@ CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -7310,19 +7310,19 @@ CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream) [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in tool) + [buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage <unfixed> (bug #1068461) @@ -190252,7 +190252,7 @@ CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp - freeimage <unfixed> (bug #1055305) [bookworm] - freeimage <no-dsa> (Minor issue) [bullseye] - freeimage <no-dsa> (Minor issue) - [buster] - freeimage <no-dsa> (Minor issue) + [buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software) NOTE: https://sourceforge.net/p/freeimage/bugs/334/ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40266.patch CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...) @@ -190271,7 +190271,7 @@ CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad - freeimage <unfixed> (bug #1055302) [bookworm] - freeimage <no-dsa> (Minor issue) [bullseye] - freeimage <no-dsa> (Minor issue) - [buster] - freeimage <no-dsa> (Minor issue) + [buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software) NOTE: https://sourceforge.net/p/freeimage/bugs/336/ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40263.patch CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...) @@ -207471,7 +207471,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack - freeimage <unfixed> (bug #1032666) [bookworm] - freeimage <no-dsa> (Minor issue) [bullseye] - freeimage <no-dsa> (Minor issue) - [buster] - freeimage <no-dsa> (Minor issue) + [buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software) NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-33367.patch CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d93f96a1e23adfbcc4e7a9a203fba352bac171e9...4a0e4e2ae1f96a4b4c63a462704276e2125deebd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d93f96a1e23adfbcc4e7a9a203fba352bac171e9...4a0e4e2ae1f96a4b4c63a462704276e2125deebd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits