Markus Koschany
2024-04-06 21:00:01 UTC
Severity: normal
Tags: bullseye
User: ***@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ***@packages.debian.org, ***@debian.org
Control: affects -1 + src:imlib2
[ Reason ]
Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.
[ Impact ]
The CVEs remain unfixed in bullseye while they are already fixed in stable
and newer distributions.
[ Tests ]
Code changes are trivial.
[ Risks ]
Code changes are trivial and are already present in bookworm. No
regressions have been reported.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
A variable in the tgaflip function was multiplied by the height and not
the width, which can cause a heap buffer overflow.