Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d965e06 by Ola Lundqvist at 2024-04-11T22:26:16+02:00
Removed postpone tag for buster freeimage CVEs since patches are available in Fedora.

   The postpone tag should probably be removed for later releases as well but
   that is not up to the LTS team to decide so keeping them.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23543,7 +23543,6 @@ CVE-2023-47997 (An issue discovered in 
BitmapAccess.cpp::FreeImage_AllocateBitma
        - freeimage <unfixed> (bug #1060691)
        [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
        [bullseye] - freeimage <postponed> (Revisit when fixed upstream)
-       [buster] - freeimage <postponed> (Revisit when fixed upstream)
        NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
        NOTE: Patch in Fedora (not upstream'ed): 
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47997.patch
 CVE-2023-47996 (An integer overflow vulnerability in 
Exif.cpp::jpeg_read_exif_dir in F ...)
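
Review bot: With the `[buster]` line gone from CVE-2023-47997, buster is covered only by the generic `- freeimage <unfixed> (bug #1060691)` line, and nothing in the entry itself records why buster is treated differently from bullseye and bookworm, which stay `<postponed>`. The reasoning lives only in the commit message. Consider adding a short NOTE under the entry saying that LTS is taking buster forward on the basis of the Fedora patch, so someone reading data/CVE/list later does not take the asymmetry for an oversight.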
@@ -23556,7 +23555,6 @@ CVE-2023-47995 (Memory Allocation with Excessive Size 
Value discovered in Bitmap
        - freeimage <unfixed> (bug #1060862)
        [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
        [bullseye] - freeimage <postponed> (Revisit when fixed upstream)
-       [buster] - freeimage <postponed> (Revisit when fixed upstream)
        NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995
        NOTE: Patch in Fedora (not upstream'ed): 
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47995.patch
 CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 
function in Plu ...)
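
Review bot: The Fedora patch that justifies un-postponing buster for CVE-2023-47995 is referenced in the NOTE below the removed line through a branch URL (`.../blob/f39/f/CVE-2023-47995.patch`), and that branch can change or be retired. Since the triage decision now depends on that patch, a commit-pinned link would keep the reference stable for whoever prepares or audits the buster upload. The NOTE also marks the patch as not upstream'ed, so it is worth saying in the entry that it still needs independent review before it is backported.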
@@ -262889,7 +262887,6 @@ CVE-2020-24295 (Buffer Overflow vulnerability in 
PSDParser.cpp::ReadImageLine()
        - freeimage <unfixed> (bug #1059152)
        [bookworm] - freeimage <postponed> (Revisit when patches are available)
        [bullseye] - freeimage <postponed> (Revisit when patches are available)
-       [buster] - freeimage <postponed> (Revisit when patches are available)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
        NOTE: Patch in Fedora (not upstream'ed): 
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24295.patch
 CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function 
in PSDP ...)
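
Review bot: In the CVE-2020-24295 entry the remaining `[bookworm]` and `[bullseye]` lines keep the reason "Revisit when patches are available", while the NOTE two lines further down says a patch exists in Fedora, so after this change the entry contradicts itself for those releases. The commit message leaves that decision to others, which is reasonable, but the inconsistency should be raised with the security team (or the reason text reworded) rather than left in the tracker as it is.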
@@ -262902,7 +262899,6 @@ CVE-2020-24293 (Buffer Overflow vulnerability in 
psdThumbnail::Read in PSDParser
        - freeimage <unfixed> (bug #1059152)
        [bookworm] - freeimage <postponed> (Revisit when patches are available)
        [bullseye] - freeimage <postponed> (Revisit when patches are available)
-       [buster] - freeimage <postponed> (Revisit when patches are available)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
        NOTE: Patch in Fedora (not upstream'ed): 
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24293.patch
 CVE-2020-24292 (Buffer Overflow vulnerability in load function in 
PluginICO.cpp in Fre ...)
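
Review bot: CVE-2020-24293 shares bug #1059152 and the same SourceForge thread with CVE-2020-24295, and the context lines show neighbouring entries (CVE-2020-24294 and CVE-2020-24292) whose bodies are not touched by this commit. Their descriptions are truncated here, so it should be confirmed whether those entries also carry a `[buster] ... <postponed>` tag and a Fedora patch. If they do, handling them in the same commit avoids a state where part of this group is reopened for buster and part is still postponed.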



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d965e06c8c87c4f7c9f6b01122b193881971cc5
