Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8136e92a by Chris Lamb at 2022-08-21T09:41:20-07:00 data/dla-needed.txt: Triage flac for buster LTS (CVE-2021-0561) - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -128593,7 +128593,6 @@ CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there {DLA-2951-1} - flac 1.3.4-1 (bug #1006339) [bullseye] - flac 1.3.3-2+deb11u1 - [buster] - flac <no-dsa> (Minor issue) NOTE: https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be (1.3.4) NOTE: https://xiph.org/flac/changelog.html#flac_1.3.4 NOTE: https://android.googlesource.com/platform/external/flac/+/368eb3f5bec249a197c95a95583ff8153aa6a87f ===================================== data/dla-needed.txt ===================================== @@ -36,6 +36,9 @@ exiv2 NOTE: 20220819: Programming language: C++. NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb) -- +flac + NOTE: 20220821: Programming language: C. +-- jetty9 (Markus Koschany) NOTE: 20220802: Programming language: Java. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8136e92a49724b2bb562286d496a61ced974af29 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8136e92a49724b2bb562286d496a61ced974af29 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits