Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd2656be by Salvatore Bonaccorso at 2024-04-14T14:02:06+02:00
Revert "CVE-2019-12214 update for openjpeg and freeimage"

This reverts commit 08bd7be3935f565a9252bc5f9581885b405cc758.

This needs a proper commit if something is in openjpeg.

But the main reason for this revert is unclear tracking of the fixed
version with mixup of buster only entry for buster for openjpeg.

I might go later through the mail exchange to see what actually needs to
be done.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -347217,17 +347217,13 @@ CVE-2019-12214 (In FreeImage 3.18.0, an 
out-of-bounds access occurs because of m
        - freeimage <unfixed> (bug #947478)
        [bookworm] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
-       [buster] - freeimage <not-affected> (Do not include openjpeg copy since 
3.10.0-3)
-       [buster] - openjpeg2 2.1.0-1
+       [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [jessie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
        NOTE: very few information regarding this vulnerability, which is 
seemingly located
        NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, 
this is
        NOTE: nearly unfixable.
-       NOTE: Turned out that the issue is not in freeimage at all, but rather 
in openjpeg.
-       NOTE: For more information see 
https://lists.debian.org/debian-lts/2024/04/msg00058.html
-       NOTE: and more specifically 
https://lists.debian.org/debian-lts/2024/04/msg00081.html
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
        {DSA-4593-1 DLA-2031-1}
        - freeimage 3.18.0+ds2-3 (bug #929597)
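
Review bot: The three removed NOTE lines at the end of the CVE-2019-12214 entry were the only pointers to the debian-lts threads (2024/04 msg00058 and msg00081), and the commit message says that mail exchange may be revisited later, so after this revert the entry no longer shows that a follow-up is pending. Consider keeping a neutral reference to those two URLs, for example a TODO line that does not assert where the bug lives, so the open question is discoverable from data/CVE/list itself. On the removed `[buster] - openjpeg2 2.1.0-1` line: the visible context shows only a `- freeimage <unfixed>` source entry and no unstable `- openjpeg2` entry, which matches the "unclear tracking of the fixed version" named in the commit message; a re-land should add the openjpeg2 source package line with its fixed version first and only then any buster-specific entry.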



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd2656be1f868274d60b1f38aa7a884e3c8123f2
