Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1

To: Timo Röhling <roehling@debian.org>, 1021130@bugs.debian.org
Subject: Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 14 Oct 2022 11:53:26 +0100
Message-id: <[🔎] 476f04211de36ba896c57a5781c350f563f4df1b.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1021130@bugs.debian.org
In-reply-to: <[🔎] 166473229121.76870.7625158437602863429.reportbug@roehling2.fkie.fraunhofer.de>
References: <[🔎] 166473229121.76870.7625158437602863429.reportbug@roehling2.fkie.fraunhofer.de> <[🔎] 166473229121.76870.7625158437602863429.reportbug@roehling2.fkie.fraunhofer.de>

Control: tags -1 + confirmed

On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote:
> The update fixes two vulnerabilities with low priority, i.e.
> the security team has decided not to issue a DSA.
> 
> [ Impact ]
> CVE-2022-34300: Heap overflow in DecodePixelData
> CVE-2022-38529: Heap overflow in rleUncompress
> 

+  * Fix low-priority vulnerabilities

I'm not sure I'd use that wording in a changelog personally - more
likely just "fix security issues" or "backport fixes" or similar - but
it's up to you.

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
  - From: Timo Röhling <roehling@debian.org>

Prev by Date: Processed: Re: Bug#1020596: bullseye-pu: mod-wsgi/4.7.1-3+deb11u1
Next by Date: Processed: Re: Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
Previous by thread: Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
Next by thread: Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
Index(es):
- Date
- Thread