Discussion:
Bug#1068514: bullseye-pu: package imlib2/1.7.1-2
Add Reply
Markus Koschany
2024-04-06 21:00:01 UTC
Reply
Permalink
Package: release.debian.org
Severity: normal
Tags: bullseye
User: ***@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ***@packages.debian.org, ***@debian.org
Control: affects -1 + src:imlib2

[ Reason ]

Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.

[ Impact ]

CVE remain unfixed in bullseye while they are already fixed in stable
and newer distributions.

[ Tests ]

Code changes are trivial

[ Risks ]

Code changes are trivial and are already present in bookworm. No
regressions have been reported.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]

A variable in the tgaflip function was multiplied with the height and not
the width which can cause a heap buffer overflow.
Debian Bug Tracking System
2024-04-06 21:00:01 UTC
Reply
Permalink
Post by Markus Koschany
affects -1 + src:imlib2
Bug #1068514 [release.debian.org] bullseye-pu: package imlib2/1.7.1-2
Added indication that 1068514 affects src:imlib2
--
1068514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068514
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2024-04-22 17:10:03 UTC
Reply
Permalink
Control: tag -1 confirmed
Post by Markus Koschany
Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.
Please go ahead.

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Debian Bug Tracking System
2024-04-22 17:10:05 UTC
Reply
Permalink
Post by Jonathan Wiltshire
tag -1 confirmed
Bug #1068514 [release.debian.org] bullseye-pu: package imlib2/1.7.1-2
Added tag(s) confirmed.
--
1068514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068514
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2024-04-22 20:10:02 UTC
Reply
Permalink
package release.debian.org
tags 1068514 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: imlib2
Version: 1.7.1-2+deb11u1

Explanation:
Debian Bug Tracking System
2024-04-22 20:10:02 UTC
Reply
Permalink
Post by Jonathan Wiltshire
package release.debian.org
Limiting to bugs with field 'package' containing at least one of 'release.debian.org'
Limit currently set to 'package':'release.debian.org'
Post by Jonathan Wiltshire
tags 1068514 = bullseye pending
Bug #1068514 [release.debian.org] bullseye-pu: package imlib2/1.7.1-2
Added tag(s) pending; removed tag(s) confirmed.
Post by Jonathan Wiltshire
thanks
Stopping processing here.

Please contact me if you need assistance.
--
1068514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068514
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Loading...