Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2020-01-01 Thread Salvatore Bonaccorso
Hi Anton, On Wed, Jan 01, 2020 at 11:07:16AM +0100, Anton Gladky wrote: > Uploaded! Thank you! (Updated the tracker information). > Happy new year! Same to you! Regards, Salvatore

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2020-01-01 Thread Anton Gladky
Uploaded! Happy new year! Anton Am Fr., 27. Dez. 2019 um 21:23 Uhr schrieb Hugo Lefeuvre : > > > thanks for your valuable work on this bug! > > Yes, I can prepare update on 30-31st of December. > > that would be great, thanks! :-) > > cheers, > Hugo > > -- > Hugo Lefeuvre (hle)

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Hugo Lefeuvre
> thanks for your valuable work on this bug! > Yes, I can prepare update on 30-31st of December. that would be great, thanks! :-) cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Anton Gladky
Hi Hugo, thanks for your valuable work on this bug! Yes, I can prepare update on 30-31st of December. Regards Anton On Fri, Dec 27, 2019, 18:01 Hugo Lefeuvre wrote: > > Sounds like a sensible plan, if we are going to release updates as > > well for stretch and buster, so that there is not

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Hugo Lefeuvre
> Sounds like a sensible plan, if we are going to release updates as > well for stretch and buster, so that there is not "regression" (I mean > timewise, in case upstream will not land a new version) for buster -> > bullseye updates. Agree! Anton, do you think you could handle this update in

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Salvatore Bonaccorso
HI Hugo, On Fri, Dec 27, 2019 at 04:37:45PM +0100, Hugo Lefeuvre wrote: > > As there will not be a fix for all CVEs in one go, let's split the bug > > for the benefit of tracking the fixes. CVE-2019-12211 and > > CVE-2019-12213 have the same upstream change, so will clone this into > > three. >

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Hugo Lefeuvre
Hi, > As there will not be a fix for all CVEs in one go, let's split the bug > for the benefit of tracking the fixes. CVE-2019-12211 and > CVE-2019-12213 have the same upstream change, so will clone this into > three. thanks Salvatore! regarding CVE-2019-12213 and CVE-2019-12211 in unstable: I

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-27 Thread Salvatore Bonaccorso
Control: clone 929597 -1 -2 Control: retitle 929597 freeimage: CVE-2019-12211 CVE-2019-12213 Control: retitle -1 freeimage: CVE-2019-12212 Control: retitle -2 freeimage: CVE-2019-12214 Hi, As there will not be a fix for all CVEs in one go, let's split the bug for the benefit of tracking the

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-12-11 Thread Hugo Lefeuvre
Hi, small update: I have updated jessie with the cherry picked patch for CVE-2019-12213 and CVE-2019-12211. I have contacted upstream to know when he is planning to release 3.18.1 so that we can get this fixed in testing without cherry picking. I am currently testing stretch and buster updates

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-06-04 Thread Moritz Muehlenhoff
On Tue, Jun 04, 2019 at 08:20:33PM +0200, Anton Gladky wrote: > severity 929597 important > thanks > > The fix from upstream is still not available. I am not feeling > confident enough to provide a fix for this complex peace > of code without breaking it. > > Also reducing the severity. If the

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-06-04 Thread Anton Gladky
severity 929597 important thanks The fix from upstream is still not available. I am not feeling confident enough to provide a fix for this complex peace of code without breaking it. Also reducing the severity. If the security team decides to keep it "grave" - feel free to revert it. Regards

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-06-03 Thread Anton Gladky
There is no upstream fix still available. I am planning to decrease the severity of the ticket to normal and track it as a simple security issue. Anton Am Mo., 27. Mai 2019 um 23:01 Uhr schrieb Anton Gladky : > > CVE-2019-12214 does not affect buster and stretch. > Jessie should be double

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-05-27 Thread Anton Gladky
CVE-2019-12214 does not affect buster and stretch. Jessie should be double checked because an older version is used there. Anton Am So., 26. Mai 2019 um 22:01 Uhr schrieb Anton Gladky : > > Hi Moritz, > > thanks for the reporting. As far as I see, there is still > no available fix from upstream.

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-05-26 Thread Anton Gladky
Hi Moritz, thanks for the reporting. As far as I see, there is still no available fix from upstream. Cheers Anton Am So., 26. Mai 2019 um 21:27 Uhr schrieb Moritz Muehlenhoff : > > Source: freeimage > Severity: grave > Tags: security > > Please see >

Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

2019-05-26 Thread Moritz Muehlenhoff
Source: freeimage Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213