Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f1d2047 by Ola Lundqvist at 2024-04-11T22:34:48+02:00
Changed wording since the term tool can be misunderstood.
- - - - -
4a0e4e2a by Ola Lundqvist at 2024-04-11T22:34:50+02:00
Changed a some CVEs from no-dsa to postponed for freeimage.
At the same time clarified that they can be fixed when uploading a correction
for other vulnerabilities since there are patches available.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7204,7 +7204,7 @@ CVE-2024-28584 (Null Pointer Dereference vulnerability in
open source FreeImage
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -7230,7 +7230,7 @@ CVE-2024-28579 (Buffer Overflow vulnerability in open
source FreeImage v.3.19.0
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -7241,37 +7241,37 @@ CVE-2024-28577 (Null Pointer Dereference vulnerability
in open source FreeImage
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -7282,7 +7282,7 @@ CVE-2024-28570 (Buffer Overflow vulnerability in open
source FreeImage v.3.19.0
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -7293,13 +7293,13 @@ CVE-2024-28568 (Buffer Overflow vulnerability in open
source FreeImage v.3.19.0
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -7310,19 +7310,19 @@ CVE-2024-28565 (Buffer Overflow vulnerability in open
source FreeImage v.3.19.0
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
- [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in tool)
+ [buster] - freeimage <postponed> (Revisit when fixed upstream, low
severity DoS in user interactive software)
NOTE:
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage
v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
@@ -190252,7 +190252,7 @@ CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette
function in PluginTIFF.cpp
- freeimage <unfixed> (bug #1055305)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
- [buster] - freeimage <no-dsa> (Minor issue)
+ [buster] - freeimage <postponed> (Fix together with some other upload,
low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/334/
NOTE: Patch in Fedora (not upstream'ed):
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40266.patch
CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad
function ...)
@@ -190271,7 +190271,7 @@ CVE-2021-40263 (A heap overflow vulnerability in
FreeImage 1.18.0 via the ofLoad
- freeimage <unfixed> (bug #1055302)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
- [buster] - freeimage <no-dsa> (Minor issue)
+ [buster] - freeimage <postponed> (Fix together with some other upload,
low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/336/
NOTE: Patch in Fedora (not upstream'ed):
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40263.patch
CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before
1.18.0 via ...)
@@ -207471,7 +207471,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in
Freeimage v3.18.0 allows attack
- freeimage <unfixed> (bug #1032666)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
- [buster] - freeimage <no-dsa> (Minor issue)
+ [buster] - freeimage <postponed> (Fix together with some other upload,
low severity, DoS in user interactive software)
NOTE:
https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
NOTE: Patch in Fedora (not upstream'ed):
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-33367.patch
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box
in GPAC ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d93f96a1e23adfbcc4e7a9a203fba352bac171e9...4a0e4e2ae1f96a4b4c63a462704276e2125deebd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d93f96a1e23adfbcc4e7a9a203fba352bac171e9...4a0e4e2ae1f96a4b4c63a462704276e2125deebd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
