[Git][security-tracker-team/security-tracker][master] 2 commits: two CVEs of jbig2dec fixed in recent upload

Thu, 28 Oct 2021 16:02:31 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43fb0cc1 by Thorsten Alteholz at 2021-10-29T01:01:49+02:00
two CVEs of jbig2dec fixed in recent upload

- - - - -
1224608d by Thorsten Alteholz at 2021-10-29T01:01:50+02:00
Reserve DLA-2796-1 for jbig2dec

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106202,7 +106202,6 @@ CVE-2020-12269
 CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec 
before 0.18 h ...)
        - jbig2dec 0.18-1
        [buster] - jbig2dec <no-dsa> (Minor issue)
-       [stretch] - jbig2dec <no-dsa> (Minor issue)
        [jessie] - jbig2dec <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
        NOTE: 
https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
@@ -275170,7 +275169,6 @@ CVE-2017-9217 (systemd-resolved through 233 allows 
remote attackers to cause a d
        NOTE: https://github.com/systemd/systemd/pull/5998
 CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and 
Ghostscri ...)
        - jbig2dec 0.13-5 (bug #863279)
-       [stretch] - jbig2dec <no-dsa> (Minor issue)
        [jessie] - jbig2dec <no-dsa> (Minor issue)
        [wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future 
update)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Oct 2021] DLA-2796-1 jbig2dec - security update
+       {CVE-2017-9216 CVE-2020-12268}
+       [stretch] - jbig2dec 0.13-4.1+deb9u1
 [29 Oct 2021] DLA-2795-1 gpsd - security update
        {CVE-2018-17937}
        [stretch] - gpsd 3.16-4+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3db6c83bc58c675be66d669e000975a07d2211f5...1224608d9fe80774ebf2560832a490dcae1c2178

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3db6c83bc58c675be66d669e000975a07d2211f5...1224608d9fe80774ebf2560832a490dcae1c2178
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to