Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5f77489 by Salvatore Bonaccorso at 2025-01-02T10:20:17+01:00

Add another openjpeg2 issue

Note the text in the bugzilla entries and the referenced upstream issues seem to match while OTOH the subject in bugzilla seems swapped. It is not fully clear if the mapping

CVE-2024-56827 -> https://github.com/uclouvain/openjpeg/issues/1564
CVE-2024-56826 -> https://github.com/uclouvain/openjpeg/issues/1563

is the aimed one or the other way around and the CVEs are not yet officially published at CVE database. Thus add a TODO item to check with Red Hat secalert.

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,13 @@ -CVE-2024-56826 [openjpeg heapoverflow in opj_j2k_add_tlmarker] +CVE-2024-56827 + - openjpeg2 <unfixed> + NOTE: https://github.com/uclouvain/openjpeg/issues/1564 + NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.3.5) + TODO: check with Red Hat secalert the correct mapping for CVE-2024-56826 and CVE-2024-56827 +CVE-2024-56826 - openjpeg2 <unfixed> NOTE: https://github.com/uclouvain/openjpeg/issues/1563 - NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3) + NOTE: https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2 (v2.5.3) + TODO: check with Red Hat secalert the correct mapping for CVE-2024-56826 and CVE-2024-56827 CVE-2025-22214 (Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx? ...) NOT-FOR-US: WordPress pluginEIS CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builti ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5f77489244fabc628bd8623398fff8334cc8c2d
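
Review bot: The version tag on the added CVE-2024-56827 commit NOTE reads "(v2.3.5)", but the same commit e492644fbded4c820ca55b5e50e598d346e850e8 was tagged "(v2.5.3)" on the line this hunk removes from CVE-2024-56826, and the replacement commit 98592ee6d6904f1b48e8207238779b89a63befa2 is tagged "(v2.5.3)" as well. This looks like a digit transposition; suggest "(v2.5.3)" on the added NOTE so both entries name the same fixing release. Because the TODO leaves the CVE-to-issue mapping open, resolving it would mean swapping the commit NOTE together with the issue URL between the two entries, not the issue URL alone. Separately, the unchanged context line under CVE-2025-22214 (Landray EIS) reads "NOT-FOR-US: WordPress pluginEIS", which does not match the description above it and may deserve a follow-up commit.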
