diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-01 11:25:53 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-01-01 11:25:53 +0100 |
| commit | 5d4b8f08dad8019fd3be39bfdbf9ff015da749ce (patch) | |
| tree | e91256844b8217dc416703d7189010983be3dc32 | |
| parent | ade2bddd00acba30b01826f976b06e3e651c3a54 (diff) | |
Add CVE-2021-45928/jpeg-xl
| -rw-r--r-- | data/CVE/2021.list | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 8e5af18abd..7f3c84fdd5 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -98,7 +98,12 @@ CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in Q CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) TODO: check CVE-2021-45928 (libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other pr ...) - TODO: check + - jpeg-xl <not-affected> (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456 + NOTE: https://github.com/libjxl/libjxl/issues/360 + NOTE: https://github.com/libjxl/libjxl/pull/365 + NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6) + NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6) CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) - mdbtools <undetermined> NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 |