Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
245c2a39 by Helmut Grohne at 2022-11-30T21:56:35+01:00
issue DLA-3214-1 for libraw

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -163032,7 +163032,7 @@ CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null 
pointer dereference vulner
        NOTE: https://github.com/LibRaw/LibRaw/issues/335#issuecomment-677637276
 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 
LibRaw::Ge ...)
        - libraw 0.20.2-1
-       [buster] - libraw <no-dsa> (Minor issue)
+       [buster] - libraw <not-affected> (Hassleblad data parser added in 0.20)
        [stretch] - libraw <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/LibRaw/LibRaw/issues/334
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
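Review bot: The reason string on the new [buster] line for CVE-2020-24889 misspells the vendor name: "Hassleblad" should be "Hasselblad". Because this line changes the buster triage from <no-dsa> to <not-affected>, a NOTE naming the upstream change that introduced the parser would let others verify the claim, in the same way the existing NOTE lines reference the issue and the fix commit. The commit message mentions only DLA-3214-1, so this re-triage is easy to miss in the history; an extra line in the message would cover it.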
@@ -183716,7 +183716,6 @@ CVE-2020-15504 (A SQL injection vulnerability in the 
user and admin web interfac
 CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. 
This affect ...)
        [experimental] - libraw 0.20.0-1
        - libraw 0.20.0-4 (bug #964747)
-       [buster] - libraw <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
 CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for 
Android,  ...)
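Review bot: Removing the [buster] <no-dsa> line for CVE-2020-15503 leaves this entry with no buster annotation in data/CVE/list; the only record of the buster fix in this commit is the 0.19.2-2+deb10u2 line in data/DLA/list. If the per-release fixed version is expected to be filled in here by a later step, say so in the commit message; otherwise replace the removed line with "[buster] - libraw 0.19.2-2+deb10u2" so the entry does not fall back to the unstable version 0.20.0-4 for buster in the meantime.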


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Nov 2022] DLA-3214-1 libraw - security update
+       {CVE-2020-15503}
+       [buster] - libraw 0.19.2-2+deb10u2
 [29 Nov 2022] DLA-3213-1 krb5 - security update
        {CVE-2022-42898}
        [buster] - krb5 1.17-3+deb10u5


=====================================
data/dla-needed.txt
=====================================
@@ -121,10 +121,6 @@ libpgjava
   NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems 
(gladk).
   NOTE: 20221128: If not - please mark it as <ignored> (gladk).
 --
-libraw
-  NOTE: 20221129: Programming language: C++.
-  NOTE: 20221129: VCS: https://salsa.debian.org/lts-team/packages/libraw.git
---
 libreoffice
   NOTE: 20221012: Programming language: C++.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245c2a3955a3dafe6de3d55f4c41da07cff276c1
