Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: a86b965a by Thorsten Alteholz at 2021-09-26T19:18:32+02:00 add exiv2 - - - - - 9eacc86f by Thorsten Alteholz at 2021-09-26T19:18:59+02:00 add faad2 - - - - - 604a63bf by Thorsten Alteholz at 2021-09-26T19:20:56+02:00 mark some CVEs of libsixel as no-dsa - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -78985,11 +78985,13 @@ CVE-2020-21549 CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/116 NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4) CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/114 NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4) CVE-2020-21546 
@@ -80016,16 +80018,19 @@ CVE-2020-21051 CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3) NOTE: https://github.com/saitoha/libsixel/issues/75 CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/74 NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5) CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...) - libsixel 1.8.6-1 [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/73 NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4) NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4) ===================================== data/dla-needed.txt ===================================== 
@@ -35,6 +35,10 @@ debian-archive-keyring (Utkarsh) NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html NOTE: 20210920: Raphael answered. will backport today. (utkarsh) -- +exiv2 (Thorsten Alteholz) +-- +faad2 (Thorsten Alteholz) +-- ffmpeg (Anton Gladky) NOTE: probably wait until stuff is fixed in Buster -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/053ec9792b45cd6331467748878b08c81babe006...604a63bf6b31f49a9207aff66df2d0e32dc09e59
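Review bot: In the data/CVE/list hunk at @@ -78985, the two added `[stretch] - libsixel <no-dsa> (Minor issue)` lines reuse the buster wording for CVE-2020-21548 and CVE-2020-21547, which the entry text itself describes as heap-based buffer overflows, and "Minor issue" alone does not tell a later reader why a heap overflow does not warrant a DLA for stretch. Consider a more specific reason in the parentheses, or a NOTE line under each entry recording what makes the impact minor for this package.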
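Review bot: In the data/CVE/list hunk at @@ -80016, CVE-2020-21050 (stack buffer overflow), CVE-2020-21049 (invalid read in stb_image.h) and CVE-2020-21048 each receive the same `[stretch] - libsixel <no-dsa> (Minor issue)` line, while the commit subject "mark some CVEs of libsixel as no-dsa" names neither the release nor the CVE ids. Naming stretch and the affected ids in the commit subject would make this triage decision findable from the log without opening the diff.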
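Review bot: In the data/dla-needed.txt hunk, the added `exiv2 (Thorsten Alteholz)` and `faad2 (Thorsten Alteholz)` entries carry no NOTE line, unlike the neighbouring debian-archive-keyring and ffmpeg entries, so the file does not say which CVEs prompted the claim. A dated NOTE under each entry listing the CVE ids being worked on would let other contributors see the scope without searching data/CVE/list.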