[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch

Tue, 31 May 2022 07:39:44 -0700 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55c12562 by Markus Koschany at 2022-05-31T16:38:42+02:00
CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch

- - - - -
c912b00d by Markus Koschany at 2022-05-31T16:39:24+02:00
Reserve DLA-3037-1 for libjpeg-turbo

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -234641,7 +234641,6 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of 
CryptoPlugin.cpp, there is a possible
 CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, 
there is ...)
        - libjpeg-turbo 1:2.0.5-1 (low)
        [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-       [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
        [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses 
the TurboJPEG API)
        NOTE: https://source.android.com/security/bulletin/2019-11-01
        NOTE: 
https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2022] DLA-3037-1 libjpeg-turbo - security update
+       {CVE-2019-2201}
+       [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u2
 [31 May 2022] DLA-3036-1 pjproject - security update
        {CVE-2022-24763 CVE-2022-24792 CVE-2022-24793}
        [stretch] - pjproject 2.5.5~dfsg-6+deb9u5


=====================================
data/dla-needed.txt
=====================================
@@ -140,11 +140,6 @@ lemonldap-ng
   NOTE: 20220529: Programming language: Perl.
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 
10.5 (regression fix) (Beuc/front-desk)
 --
-libjpeg-turbo (Markus Koschany)
-  NOTE: 20220529: Programming language: C.
-  NOTE: 20220523: Follow buster: harmonize with with Debian 10.7 (only 1 CVE 
but last
-  NOTE: 20220523: stretch update back in 2020 and possible RCE) 
(Beuc/front-desk)
---
 liblouis (Andreas Rönnquist)
   NOTE: 20220529: Programming language: C.
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to