Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 55c12562 by Markus Koschany at 2022-05-31T16:38:42+02:00 CVE-2019-2201,libjpeg-turbo: Remove no-dsa tag for Stretch - - - - - c912b00d by Markus Koschany at 2022-05-31T16:39:24+02:00 Reserve DLA-3037-1 for libjpeg-turbo - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -234641,7 +234641,6 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...) - libjpeg-turbo 1:2.0.5-1 (low) [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 - [stretch] - libjpeg-turbo <no-dsa> (Minor issue) [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API) NOTE: https://source.android.com/security/bulletin/2019-11-01 NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[31 May 2022] DLA-3037-1 libjpeg-turbo - security update + {CVE-2019-2201} + [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u2 [31 May 2022] DLA-3036-1 pjproject - security update {CVE-2022-24763 CVE-2022-24792 CVE-2022-24793} [stretch] - pjproject 2.5.5~dfsg-6+deb9u5 ===================================== data/dla-needed.txt ===================================== @@ -140,11 +140,6 @@ lemonldap-ng NOTE: 20220529: Programming language: Perl. NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk) -- -libjpeg-turbo (Markus Koschany) - NOTE: 20220529: Programming language: C. - NOTE: 20220523: Follow buster: harmonize with with Debian 10.7 (only 1 CVE but last - NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk) --- liblouis (Andreas Rönnquist) NOTE: 20220529: Programming language: C. NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c48ef05dc9ad6bd1989b415abad91d76197e6086...c912b00de7e731b704f618e554678eb575572278 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits