Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7d965e06 by Ola Lundqvist at 2024-04-11T22:26:16+02:00 Removed postpone tag for buster freeimage CVEs since patches are available in fedora. The postpone tag should probably be removed for later releases as well but that is not up to the LTS team to decide so keeping them. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23543,7 +23543,6 @@ CVE-2023-47997 (An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitma - freeimage <unfixed> (bug #1060691) [bookworm] - freeimage <postponed> (Revisit when fixed upstream) [bullseye] - freeimage <postponed> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47997.patch CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...) @@ -23556,7 +23555,6 @@ CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in Bitmap - freeimage <unfixed> (bug #1060862) [bookworm] - freeimage <postponed> (Revisit when fixed upstream) [bullseye] - freeimage <postponed> (Revisit when fixed upstream) - [buster] - freeimage <postponed> (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47995.patch CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...) 
@@ -262889,7 +262887,6 @@ CVE-2020-24295 (Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() - freeimage <unfixed> (bug #1059152) [bookworm] - freeimage <postponed> (Revisit when patches are available) [bullseye] - freeimage <postponed> (Revisit when patches are available) - [buster] - freeimage <postponed> (Revisit when patches are available) NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24295.patch CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDP ...) @@ -262902,7 +262899,6 @@ CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser - freeimage <unfixed> (bug #1059152) [bookworm] - freeimage <postponed> (Revisit when patches are available) [bullseye] - freeimage <postponed> (Revisit when patches are available) - [buster] - freeimage <postponed> (Revisit when patches are available) NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24293.patch CVE-2020-24292 (Buffer Overflow vulnerability in load function in PluginICO.cpp in Fre ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d965e06c8c87c4f7c9f6b01122b193881971cc5
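Review bot: In the CVE-2023-47997 and CVE-2023-47995 hunks, removing the "[buster] - freeimage <postponed>" line leaves buster covered only by the generic "- freeimage <unfixed>" entry, so both CVEs become open for buster, yet the commit touches only data/CVE/list. If the intent is to ship the Fedora patches as an LTS update, confirm that freeimage is already listed in data/dla-needed.txt; otherwise the reopened entries have no owner. The trailing context shows CVE-2023-47996 and CVE-2023-47994 immediately after these entries, so it is worth checking whether their buster lines need the same change to keep the package's tags consistent.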
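Review bot: In the CVE-2020-24295 and CVE-2020-24293 hunks, the remaining "[bookworm]" and "[bullseye]" lines still read "Revisit when patches are available" directly above a NOTE linking a Fedora patch, so the recorded reason no longer matches the entry. The commit message deliberately leaves those releases alone, but the mismatch should be raised with the security team rather than left implicit. The linked patches are from Fedora's f39 branch and are marked "not upstream'ed"; nothing in the visible lines establishes that they apply to the freeimage version in buster, so a NOTE recording that check, once done, would make the reason for the buster change auditable.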