Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
235551db by Markus Koschany at 2021-10-04T09:54:31+02:00
Remove no-dsa tags for upcoming fig2dev update

- - - - -
265fe795 by Markus Koschany at 2021-10-04T09:56:55+02:00
Reserve DLA-2778-1 for fig2dev

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19545,7 +19545,6 @@ CVE-2021-33478 (The TrustZone implementation in certain 
Broadcom MediaxChange fi
 CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A 
flawed bound ...)
        - fig2dev 1:3.2.8-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u4
-       [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/116/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
@@ -22500,7 +22499,6 @@ CVE-2021-32281 (An issue was discovered in gravity 
through 0.8.1. A heap-buffer-
 CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL 
pointer deref ...)
        - fig2dev 1:3.2.7b-5 (bug #960736)
        [buster] - fig2dev <no-dsa> (Minor issue)
-       [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/107/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
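Review bot: For CVE-2021-32280 the line "[buster] - fig2dev <no-dsa> (Minor issue)" stays in place while the matching [stretch] tag is dropped for the upcoming update, so stretch will carry a fix for this NULL pointer dereference while buster remains tagged as not warranting one. If that asymmetry is intended, it is fine as is; otherwise consider queueing the same fix for a buster point release and updating the buster line accordingly.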
@@ -79364,7 +79362,6 @@ CVE-2020-21676 (A stack-based buffer overflow in the 
genpstrx_text() component i
 CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in 
genptk.c ...)
        - fig2dev 1:3.2.7b-3
        [buster] - fig2dev 1:3.2.7a-5+deb10u3
-       [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        NOTE: https://sourceforge.net/p/mcj/tickets/78/
        NOTE: 
https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
 (3.2.8)
@@ -126177,7 +126174,6 @@ CVE-2019-19798
 CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an 
out-of-bounds wr ...)
        - fig2dev 1:3.2.7b-3 (bug #946866)
        [buster] - fig2dev 1:3.2.7a-5+deb10u3
-       [stretch] - fig2dev <no-dsa> (Minor issue)
        - transfig <removed>
        [jessie] - transfig <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/mcj/tickets/67/


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Oct 2021] DLA-2778-1 fig2dev - security update
+       {CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 
CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675 
CVE-2020-21676 CVE-2021-3561 CVE-2021-32280}
+       [stretch] - fig2dev 1:3.2.6a-2+deb9u4
 [03 Oct 2021] DLA-2777-1 tiff - security update
        {CVE-2020-19131 CVE-2020-19144}
        [stretch] - tiff 4.0.8-2+deb9u7
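Review bot: The DLA-2778-1 entry lists twelve CVEs, but the data/CVE/list hunks in this push remove the [stretch] <no-dsa> tag for only four of them (CVE-2019-19797, CVE-2020-21675, CVE-2021-3561, CVE-2021-32280). Please confirm that the other eight (CVE-2020-21529 through CVE-2020-21535, and CVE-2020-21676) have no leftover [stretch] annotation in data/CVE/list that would conflict with the fixed version 1:3.2.6a-2+deb9u4 recorded here.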


=====================================
data/dla-needed.txt
=====================================
@@ -41,8 +41,6 @@ faad2 (Thorsten Alteholz)
 ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
 --
-fig2dev (Markus Koschany)
---
 firmware-nonfree
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
   NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding 
possible "ignore" tag



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5a2eefa81b56213550f909a2e58ac2630f57a34...265fe7950cd6e1cc41ac1b8d4afcb02889f8f7ec
