Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: c266f120 by Moritz Muehlenhoff at 2021-01-13T19:58:30+01:00 one hylafax issue n/a in Debian openjpeg no-dsa - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -19217,6 +19217,7 @@ CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. T NOT-FOR-US: github.com/crewjam/saml CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...) - openjpeg2 <unfixed> + [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1302 NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...) @@ -19225,12 +19226,15 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions NOTE: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...) - openjpeg2 <unfixed> + [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1297 CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...) - openjpeg2 <unfixed> + [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1294 CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...) - openjpeg2 <unfixed> + [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1293 NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce CVE-2020-27840 @@ -19295,6 +19299,7 @@ CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in CVE-2020-27824 [global-buffer-overflow read in lib-openjp2] RESERVED - openjpeg2 <unfixed> + [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1286 NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2] @@ -46710,9 +46715,7 @@ CVE-2020-15399 CVE-2020-15398 RESERVED CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...) - - hylafax <unfixed> (bug #964198) - [buster] - hylafax <no-dsa> (Minor issue) - [stretch] - hylafax <no-dsa> (Minor issue) + - hylafax <not-affected> (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian) NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/ CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...) - hylafax <unfixed> (bug #964198) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c266f120eaf0197c5e50e7f3d9b22c847790ce5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c266f120eaf0197c5e50e7f3d9b22c847790ce5f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits