Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab3314bb by Adrian Bunk at 2025-08-09T18:46:33+03:00
CVE-2018-16375/openjpeg2 is already fixed in >= bullseye
- - - - -
abe303a1 by Adrian Bunk at 2025-08-09T18:50:42+03:00
CVE-2018-20846/openjpeg2 is already fixed in >= bullseye
- - - - -
abdab04b by Adrian Bunk at 2025-08-09T19:01:37+03:00
CVE-2017-17479/openjpeg2 is already fixed in >= buster
Same fixing commit as CVE-2017-17480
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -491105,8 +491105,8 @@ CVE-2018-20847 (An improper computation of p_tx0,
p_tx1, p_ty0 and p_ty1 in the
NOTE:
https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
NOTE:
https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845
CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp,
pi_next_rlcp, pi ...)
- - openjpeg2 <unfixed> (unimportant)
- NOTE:
https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
+ - openjpeg2 2.3.1-1 (unimportant)
+ NOTE: Fixed by:
https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
(v2.3.1)
NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
CVE-2018-20845 (Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_nex ...)
- openjpeg2 2.3.1-1 (unimportant)
@@ -536570,8 +536570,9 @@ CVE-2018-16376 (An issue was discovered in OpenJPEG
2.3.0. A heap-based buffer o
NOTE: https://github.com/uclouvain/openjpeg/issues/1127
NOTE: We build with -DBUILD_MJ2:BOOL=OFF
CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for
header_i ...)
- - openjpeg2 <unfixed> (unimportant)
+ - openjpeg2 2.3.1-1 (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/1126
+ NOTE: Fixed by:
https://github.com/uclouvain/openjpeg/commit/619e1b086eaa21ebd9b23eb67deee543b07bf06f
(v2.3.1)
NOTE: We build with -DBUILD_JPWL:BOOL=OFF
CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via
/admin/?/plugin/comment/settings.)
NOT-FOR-US: Frog CMS
@@ -578400,10 +578401,11 @@ CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based
buffer overflow was discovered
{DSA-4405-1 DLA-1579-1}
- openjpeg2 2.3.0-2 (bug #884738)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
- NOTE:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
+ NOTE:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
(v2.3.1)
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was
discovered in the ...)
- - openjpeg2 <unfixed> (unimportant)
+ - openjpeg2 2.3.0-2 (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
+ NOTE:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
(v2.3.1)
NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems
Pega Pla ...)
NOT-FOR-US: Pegasystems Pega Platform
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/102bdec00846ba7ec5795170efe0299c2fce00d0...abdab04bf42879dc3872c2313958716fcd93e191
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/102bdec00846ba7ec5795170efe0299c2fce00d0...abdab04bf42879dc3872c2313958716fcd93e191
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
