Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0b157ca9 by Tobias Frost at 2023-01-24T23:00:49+01:00 Reverse DLA-3280-1 for libde265. - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -184482,19 +184482,16 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_ima CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...) - libde265 1.0.9-1 (bug #1004963) [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream) - [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream) [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/strukturag/libde265/issues/237 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...) - libde265 1.0.9-1 (bug #1014999) [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream) - [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream) [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/strukturag/libde265/issues/238 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...) - libde265 <unfixed> (bug #1029397) [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream) - [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream) [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream) NOTE: https://github.com/strukturag/libde265/issues/236 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...) ===================================== data/DLA/list ===================================== 
@@ -1,3 +1,6 @@ +[24 Jan 2023] DLA-3280-1 libde265 - security update + {CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655} + [buster] - libde265 1.0.3-1+deb10u3 [23 Jan 2023] DLA-3279-1 trafficserver - security update {CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31780} [buster] - trafficserver 8.0.2+ds-1+deb10u7 ===================================== data/dla-needed.txt ===================================== @@ -122,13 +122,6 @@ libapache2-mod-auth-mellon NOTE: 20230105: Programming language: C. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) -- -libde265 (tobi) - NOTE: 20221107: Programming language: C++. - NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk) - NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk) - NOTE: 20221215: CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 adressed, remaining CVEs are unfixed upstream. (I've proposed a patch upstream, waiting for feeback) (tobi) - NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libde265.git --- libreoffice NOTE: 20221012: Programming language: C++. NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b157ca978070e7bc0d634bd01cd0aae3c001222 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b157ca978070e7bc0d634bd01cd0aae3c001222 You're receiving this email because of your account on salsa.debian.org.
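Review bot: In the data/CVE/list hunk, CVE-2020-21596 keeps `- libde265 <unfixed> (bug #1029397)` and its postponed bullseye line while the `[buster]` postponed line is dropped in favour of DLA-3280-1, so buster is recorded as fixed ahead of unstable with nothing in the entry saying where the fix comes from. Consider adding a NOTE line under that CVE pointing to the patch shipped in 1.0.3-1+deb10u3, so the bullseye and unstable entries can be revisited from it.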
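Review bot: The commit subject says "Reverse DLA-3280-1", but the data/DLA/list hunk adds the `[24 Jan 2023] DLA-3280-1 libde265 - security update` entry rather than removing one. "Reserve" looks intended; the subject is worth correcting so the history does not read as a revert of the advisory.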
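Review bot: The libde265 entry removed in the data/dla-needed.txt hunk carries the 20221215 note that CVE-2020-21599, CVE-2021-35452 and CVE-2021-36408 through CVE-2021-36411 were addressed, yet none of those ids appear in the CVE set of the DLA-3280-1 entry added in data/DLA/list. Before dropping the entry, confirm those CVEs are attached to an earlier buster advisory, because the only visible record of them in this change disappears with the removed NOTE lines.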