Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9126193 by Moritz Muehlenhoff at 2025-04-20T00:13:16+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85849,11 +85849,13 @@ CVE-2024-39241 (Cross Site Scripting (XSS) 
vulnerability in skycaiji 2.8 allows
        NOT-FOR-US: skycaiji
 CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
        - libde265 <unfixed> (bug #1074416)
+       [trixie] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libde265 <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libde265/issues/460
 CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
        - libde265 <unfixed> (bug #1074416)
+       [trixie] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libde265 <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libde265/issues/460
@@ -158301,6 +158303,7 @@ CVE-2023-2453 (There is insufficient sanitization of 
tainted file names that are
        NOT-FOR-US: PHP-Fusion
 CVE-2023-51441 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation 
vulnerabilit ...)
        - axis <unfixed> (bug #1060169)
+       [trixie] - axis <ignored> (Minor issue)
        [bookworm] - axis <ignored> (Minor issue)
        [bullseye] - axis <no-dsa> (Minor issue)
        [buster] - axis <no-dsa> (Minor issue)
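Review bot: the reason on the added `[trixie] - axis <ignored>` line is only "Minor issue", copied from bookworm, which does not say why no fix will ever be shipped. The CVE description in the context line above is tagged "UNSUPPORTED WHEN ASSIGNED"; if that is the basis for ignoring it, naming it in the parenthesised reason would make the `<ignored>` state self-explanatory for someone reading the trixie entry later.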
@@ -695035,7 +695038,7 @@ CVE-2013-2126 (Multiple double free vulnerabilities 
in the LibRaw::unpack functi
        - libraw 0.15.3-1 (low; bug #710353)
        [wheezy] - libraw <no-dsa> (Not suitable for code injection, minor 
issue)
        [squeeze] - libraw <not-affected> (Vulnerable code not present)
-       - libkdcraw 4:4.8.4-2 (low; bug #711317)
+       - libkdcraw 24.12.0-1
        [wheezy] - libkdcraw <no-dsa> (Not suitable for code injection, minor 
issue)
        - darktable 1.2.1-2 (unimportant; bug #711316)
        NOTE: Not suitable for code injection, no security impact for an 
enduser application like Darktable
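Review bot: the replaced libkdcraw line loses its `(low; bug #711317)` annotation, so the entry no longer carries the urgency or the link to the Debian bug. The fixed version has to change because `4:4.8.4-2` carries an epoch and sorts above any epoch-less version, but the annotation can stay, e.g. `- libkdcraw 24.12.0-1 (low; bug #711317)`.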
@@ -695043,6 +695046,9 @@ CVE-2013-2126 (Multiple double free vulnerabilities 
in the LibRaw::unpack functi
        [squeeze] - kdegraphics <not-affected> (embedded version of 
kdcraw+libraw too old)
        NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
+       NOTE: Back in 2013, libkdcraw was fixed in 4:4.10.5-2 and later on 
removed and then
+       NOTE: re-introduced in sid without the epoch, so now marking 24.12.0-1 
as the first
+       NOTE: upload to sid as the new fixed version, current libkdcraw uses 
the system-wide libraw
 CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, 
which al ...)
        - opensmtpd 5.3.3p1-1
        NOTE: https://www.openwall.com/lists/oss-security/2013/05/18/8
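Review bot: the added NOTE says libkdcraw "was fixed in 4:4.10.5-2", but the line removed from this same CVE-2013-2126 entry in the previous hunk recorded the fix as `4:4.8.4-2`. The text looks copied from the CVE-2013-1439/1438 entries; for this entry the NOTE should cite 4:4.8.4-2 so the historical fixed version is not misstated.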
@@ -697483,16 +697489,19 @@ CVE-2013-1439 (The "faster LJPEG decoder" in libraw 
0.13.x, 0.14.x, and 0.15.x b
        - libraw 0.15.4-1 (bug #721338)
        [wheezy] - libraw <no-dsa> (Minor issue)
        [squeeze] - libraw <no-dsa> (Minor issue)
-       - libkdcraw 4:4.10.5-2 (bug #721340)
+       - libkdcraw 24.12.0-1
        [wheezy] - libkdcraw <no-dsa> (Minor issue)
        - darktable 1.2.2-2 (bug #721339)
        [wheezy] - darktable 1.0.4-1+deb7u2
+       NOTE: Back in 2013, libkdcraw was fixed in 4:4.10.5-2 and later on 
removed and then
+       NOTE: re-introduced in sid without the epoch, so now marking 24.12.0-1 
as the first
+       NOTE: upload to sid as the new fixed version, current libkdcraw uses 
the system-wide libraw
 CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used 
in lib ...)
        {DSA-2748-1}
        - libraw 0.15.4-1 (bug #721231)
        [wheezy] - libraw <no-dsa> (Minor issue)
        [squeeze] - libraw <no-dsa> (Minor issue)
-       - libkdcraw 4:4.10.5-2 (bug #721239)
+       - libkdcraw 24.12.0-1
        [wheezy] - libkdcraw <no-dsa> (Minor issue)
        - darktable 1.2.2-2 (bug #721233)
        [wheezy] - darktable 1.0.4-1+deb7u2
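Review bot: both replaced libkdcraw lines drop their bug references (`bug #721340` for CVE-2013-1439, `bug #721239` for CVE-2013-1438), and the added NOTE does not mention them either. Keeping the reference on the new line, e.g. `- libkdcraw 24.12.0-1 (bug #721340)`, preserves the link to the original report while still fixing the epoch comparison.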
@@ -697505,6 +697514,9 @@ CVE-2013-1438 (Unspecified vulnerability in dcraw 
0.8.x through 0.8.9, as used i
        - rawstudio <removed> (unimportant; bug #721237)
        - rawtherapee <not-affected> (unimportant; bug #721238)
        NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
+       NOTE: Back in 2013, libkdcraw was fixed in 4:4.10.5-2 and later on 
removed and then
+       NOTE: re-introduced in sid without the epoch, so now marking 24.12.0-1 
as the first
+       NOTE: upload to sid as the new fixed version, current libkdcraw uses 
the system-wide libraw
 CVE-2013-1437 (Eval injection vulnerability in the Module-Metadata module 
before 1.00 ...)
        - perl 5.18.1-2
        [wheezy] - perl <not-affected> (Bug was introduced later)
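Review bot: this is the third verbatim copy of the three-line NOTE, and it runs two separate facts together: the epoch was dropped on re-introduction, and the current libkdcraw links against the system-wide libraw. The second fact is the reason the package no longer embeds the vulnerable code, so it deserves its own NOTE line rather than a trailing clause after a comma. Here the NOTE also lands after the xbmc NOTE at the end of the entry; placing it next to the other libkdcraw lines would keep it with the package it explains.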



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9126193e037409acabd43fa867dc5ed6b95c186
