[Git][security-tracker-team/security-tracker][master] 3 commits: add exiv2

[Thorsten Alteholz (@alteholz)]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a86b965a by Thorsten Alteholz at 2021-09-26T19:18:32+02:00
add exiv2

- - - - -
9eacc86f by Thorsten Alteholz at 2021-09-26T19:18:59+02:00
add faad2

- - - - -
604a63bf by Thorsten Alteholz at 2021-09-26T19:20:56+02:00
mark some CVEs of libsixel as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -78985,11 +78985,13 @@ CVE-2020-21549
 CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the 
sixel_enco ...)
        - libsixel 1.8.6-1
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/116
        NOTE: 
https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a
 (v1.8.4)
 CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the 
dither_fun ...)
        - libsixel 1.8.6-1
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/114
        NOTE: 
https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a
 (v1.8.4)
 CVE-2020-21546
@@ -80016,16 +80018,19 @@ CVE-2020-21051
 CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in 
the funct ...)
        - libsixel 1.8.6-1
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: 
https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee
 (v1.8.3)
        NOTE: https://github.com/saitoha/libsixel/issues/75
 CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior 
to v1.8 ...)
        - libsixel 1.8.6-1
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/74
        NOTE: 
https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
 (v1.8.5)
 CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 
allows  ...)
        - libsixel 1.8.6-1
        [buster] - libsixel <no-dsa> (Minor issue)
+       [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/73
        NOTE: 
https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037
 (v1.8.4)
        NOTE: 
https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226
 (v1.8.4)


=====================================
data/dla-needed.txt
=====================================
@@ -35,6 +35,10 @@ debian-archive-keyring (Utkarsh)
   NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
   NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
 --
+exiv2 (Thorsten Alteholz)
+--
+faad2 (Thorsten Alteholz)
+--
 ffmpeg (Anton Gladky)
   NOTE: probably wait until stuff is fixed in Buster
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/053ec9792b45cd6331467748878b08c81babe006...604a63bf6b31f49a9207aff66df2d0e32dc09e59

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/053ec9792b45cd6331467748878b08c81babe006...604a63bf6b31f49a9207aff66df2d0e32dc09e59
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits