Debian GNU/Linux has recently issued two important security updates: ELA-1498-1 for the openjpeg2 package in Debian 10 ELTS and DLA 4266-1 for the distro-info-data database in Debian 11 LTS.
- Version: 2.3.0-2+deb10u4 (Buster)
- Related CVEs:
- CVE-2019-12973: Addresses excessive iterations in the convertbmp function.
- CVE-2025-50952: Mitigates potential undefined behavior in the opj_dwt_decode_tile function.
These updates resolve multiple vulnerabilities associated with the JPEG 2000 image library, enhancing the security of systems running Debian 10.
- Version: 0.51+deb11u9
- This update is routine and includes the addition of release and estimated End-of-Life (EoL) dates for Debian 13 "Trixie." A new "eol-legacy" column has also been introduced for Ubuntu Legacy Support.
For users of Debian 11 Bullseye, these issues have been addressed with the specified version. Upgrading the distro-info-data package is recommended to ensure users have the latest information.
For additional details regarding the security status of the distro-info-data package, users can refer to its security tracker page. Further information about Debian LTS security advisories, including how to apply these updates and answers to frequently asked questions, can be found on the Debian Wiki.
ELA-1498-1: OpenJPEG2 Security Update
- Package: openjpeg2- Version: 2.3.0-2+deb10u4 (Buster)
- Related CVEs:
- CVE-2019-12973: Addresses excessive iterations in the convertbmp function.
- CVE-2025-50952: Mitigates potential undefined behavior in the opj_dwt_decode_tile function.
These updates resolve multiple vulnerabilities associated with the JPEG 2000 image library, enhancing the security of systems running Debian 10.
DLA 4266-1: Distro-Info-Data Database Update
- Package: distro-info-data- Version: 0.51+deb11u9
- This update is routine and includes the addition of release and estimated End-of-Life (EoL) dates for Debian 13 "Trixie." A new "eol-legacy" column has also been introduced for Ubuntu Legacy Support.
For users of Debian 11 Bullseye, these issues have been addressed with the specified version. Upgrading the distro-info-data package is recommended to ensure users have the latest information.
For additional details regarding the security status of the distro-info-data package, users can refer to its security tracker page. Further information about Debian LTS security advisories, including how to apply these updates and answers to frequently asked questions, can be found on the Debian Wiki.
Extended Information
Debian continues to prioritize security and maintain robust support for its stable releases, ensuring that users are protected against known vulnerabilities. Regular updates such as these are crucial for maintaining the integrity of systems that rely on the Debian operating system. Users are encouraged to stay informed about updates and apply them promptly to safeguard their systems against potential threats. Additionally, the inclusion of new information in the distro-info-data database reflects the ongoing efforts to provide users with essential insights into the lifecycle and support timelines of Debian releasesOpenJPEG2 and Distro-Info-Data updates for Debian
Debian GNU/Linux has received two security updates: ELA-1498-1 openjpeg2 for Debian 10 ELTS and DLA 4266-1 distro-info-data database update for Debian 11 LTS
ELA-1498-1 openjpeg2 security update
[DLA 4266-1] distro-info-data database updateOpenJPEG2 and Distro-Info-Data updates for Debian @ Linux Compatible
