[Git][security-tracker-team/security-tracker][master] Reserve DLA-3238-1 for pngcheck

Tue, 13 Dec 2022 06:41:52 -0800 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67e0c308 by Tobias Frost at 2022-12-13T15:41:28+01:00
Reserve DLA-3238-1 for pngcheck

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -158579,7 +158579,6 @@ CVE-2020-27819 (An issue was discovered in libxls 
before and including 1.6.1 whe
 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of 
pngcheck-2.4.0. ...)
        {DLA-3032-1}
        - pngcheck 2.3.0-13 (bug #976350)
-       [buster] - pngcheck 2.3.0-7+deb10u1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
        NOTE: Patch applied in Fedora: 
https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Dec 2022] DLA-3238-1 pngcheck - security update
+       {CVE-2020-27818 CVE-2020-35511}
+       [buster] - pngcheck 3.0.3-1~deb10u2
 [12 Dec 2022] DLA-3237-1 node-tar - security update
        {CVE-2021-37701 CVE-2021-37712}
        [buster] - node-tar 4.4.6+ds1-3+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -232,10 +232,6 @@ pluxml
   NOTE: 20220913: Programming language: PHP.
   NOTE: 20220913: Special attention: orphaned package.
 --
-pngcheck (tobi)
-  NOTE: 20221127: Programming language: C.
-  NOTE: 20221209: fixes available in newer upstream version, which had 
siginifant refactoring. 
https://lists.debian.org/debian-lts/2022/12/msg00010.html
---
 protobuf
   NOTE: 20221031: Programming language: Several.
   NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated 
code and must therefore get special attention from the application developer 
using protobuf.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e0c308bfb8605d0b86f656611c9d58d9b819f1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e0c308bfb8605d0b86f656611c9d58d9b819f1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to