Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e996ca84 by Markus Koschany at 2025-04-01T23:32:58+02:00
Reserve DLA-4107-1 for openjpeg2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -256753,7 +256753,6 @@ CVE-2022-25348 (Untrusted search path vulnerability 
in AttacheCase ver.4.0.2.7 a
 CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 
2.4.0 in  ...)
        {DLA-2975-1}
        - openjpeg2 2.5.0-1
-       [bullseye] - openjpeg2 <no-dsa> (Minor issue)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1368
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
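Review bot: On the CVE-2022-1122 entry, the cross-reference line still reads {DLA-2975-1} only, although data/DLA/list in this same commit lists CVE-2022-1122 under DLA-4107-1. If that line is not regenerated automatically from data/DLA/list, add DLA-4107-1 to it by hand; the same check applies to the CVE-2021-3575 and CVE-2021-29338 entries in the following hunks, where only the [bullseye] <no-dsa> line is dropped and the cross-reference lines are left as {DSA-5851-1} and {DLA-2975-1}.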
@@ -312737,7 +312736,6 @@ CVE-2021-3575 (A heap-based buffer overflow was found 
in openjpeg in color.c:379
        {DSA-5851-1}
        [experimental] - openjpeg2 2.5.3-1~exp1
        - openjpeg2 2.5.3-1 (bug #989775)
-       [bullseye] - openjpeg2 <no-dsa> (Minor issue)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        [stretch] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1347
@@ -324922,7 +324920,6 @@ CVE-2021-29339
 CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to 
crash t ...)
        {DLA-2975-1}
        - openjpeg2 2.4.0-4 (bug #987276)
-       [bullseye] - openjpeg2 <no-dsa> (Minor issue)
        [buster] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: https://github.com/uclouvain/openjpeg/issues/1338
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/79c7d7af598b778c3cdcb455df23d50efc95eb3c


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Apr 2025] DLA-4107-1 openjpeg2 - security update
+       {CVE-2021-3575 CVE-2021-29338 CVE-2022-1122 CVE-2024-56826 
CVE-2024-56827}
+       [bullseye] - openjpeg2 2.4.0-3+deb11u1
 [01 Apr 2025] DLA-4106-1 jetty9 - security update
        {CVE-2024-6762 CVE-2024-8184 CVE-2024-9823}
        [bullseye] - jetty9 9.4.57-0+deb11u1
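Review bot: The new DLA-4107-1 entry lists CVE-2024-56826 and CVE-2024-56827, but data/CVE/list has no hunk for either of them in this commit, unlike the three older CVEs whose [bullseye] <no-dsa> lines are removed. Check that neither entry still carries a [bullseye] annotation (<no-dsa>, <postponed> or similar) that would contradict the fixed version 2.4.0-3+deb11u1 recorded here.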


=====================================
data/dla-needed.txt
=====================================
@@ -197,10 +197,6 @@ openafs
   NOTE: 20250102: Looking at CVE-2024-10394 (abhijith)
   NOTE: 20250203: https://people.debian.org/~abhijith/upload/openafs_patches/ 
(abhijith)
 --
-openjpeg2 (Markus Koschany)
-  NOTE: 20250105: Added by Front-Desk (apo)
-  NOTE: 20250224: Discovered two regressions. I plan to release on Wednesday. 
(apo)
---
 pagure
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Coordinate with ds (rouca/FD)
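Review bot: The removed openjpeg2 entry carries the 20250224 note about two discovered regressions, and dropping it from dla-needed.txt removes the only mention of them visible in this commit. State in the commit message or in the DLA-4107-1 announcement whether both regressions are resolved in 2.4.0-3+deb11u1, so the history shows why the release was held back.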



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e996ca84e437395a906f387a7b113b44b29bb312

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e996ca84e437395a906f387a7b113b44b29bb312
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to