Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: afd03b29 by Adrian Bunk at 2024-03-08T01:02:57+02:00 Reserve DLA-3754-1 for fontforge - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -299331,7 +299331,6 @@ CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect t NOT-FOR-US: MITREid Connect CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...) - fontforge 1:20201107~dfsg-1 (bug #948231) - [buster] - fontforge <no-dsa> (Minor issue) [stretch] - fontforge <no-dsa> (Minor issue) [jessie] - fontforge <no-dsa> (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4085 @@ -299549,7 +299548,6 @@ CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, NOT-FOR-US: VMware CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) - fontforge 1:20201107~dfsg-1 (bug #948231) - [buster] - fontforge <no-dsa> (Minor issue) [stretch] - fontforge <no-dsa> (Minor issue) [jessie] - fontforge <no-dsa> (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4084 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[08 Mar 2024] DLA-3754-1 fontforge - security update + {CVE-2020-5395 CVE-2020-5496 CVE-2024-25081 CVE-2024-25082} + [buster] - fontforge 1:20170731~dfsg-1+deb10u1 [06 Mar 2024] DLA-3753-1 yard - security update {CVE-2019-1020001 CVE-2024-27285} [buster] - yard 0.9.16-1+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -101,9 +101,6 @@ exiftags expat NOTE: 20240306: Added by Front-Desk (opal) -- -fontforge (Adrian Bunk) - NOTE: 20240306: Added by Front-Desk (opal) --- freeimage NOTE: 20240121: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afd03b2915fb9afbb3ac5849fd89f01080b8714e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afd03b2915fb9afbb3ac5849fd89f01080b8714e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits