Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b157ca9 by Tobias Frost at 2023-01-24T23:00:49+01:00
Reverse DLA-3280-1 for libde265.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -184482,19 +184482,16 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap 
buffer overflow in the de265_ima
 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the 
ff_hevc_put_unw ...)
        - libde265 1.0.9-1 (bug #1004963)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
-       [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the 
mc_chroma funct ...)
        - libde265 1.0.9-1 (bug #1014999)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
-       [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the 
decode_CABAC_ ...)
        - libde265 <unfixed> (bug #1029397)
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
-       [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/236
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma 
functio ...)
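Review bot: after this change buster is ahead of bullseye for CVE-2020-21598, CVE-2020-21597 and CVE-2020-21596, because the `[bullseye]` line directly above each removed `[buster]` line stays `<postponed>`, and CVE-2020-21596 is still `<unfixed>` in unstable (bug #1029397). A buster system that upgrades to bullseye would lose these fixes, so a follow-up for bullseye is worth tracking here; the `[stretch]` lines are unchanged and still `<postponed>` as well.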


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jan 2023] DLA-3280-1 libde265 - security update
+       {CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235 
CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 
CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 
CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 
CVE-2022-47655}
+       [buster] - libde265 1.0.3-1+deb10u3
 [23 Jan 2023] DLA-3279-1 trafficserver - security update
        {CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31780}
        [buster] - trafficserver 8.0.2+ds-1+deb10u7
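Review bot: the commit subject says "Reverse DLA-3280-1", but the added lines create the DLA-3280-1 entry for libde265 1.0.3-1+deb10u3, so the subject reads as the opposite of the change; "Reserve" looks like what was meant. Of the twenty CVE ids in the braces, only CVE-2020-21596, CVE-2020-21597 and CVE-2020-21598 have a matching `[buster]` change in the data/CVE/list hunk of this commit, so it is worth checking that none of the CVE-2022-* ids still carries a stale `[buster]` line.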


=====================================
data/dla-needed.txt
=====================================
@@ -122,13 +122,6 @@ libapache2-mod-auth-mellon
   NOTE: 20230105: Programming language: C.
   NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
 --
-libde265 (tobi)
-  NOTE: 20221107: Programming language: C++.
-  NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are 
fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk)
-  NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk)
-  NOTE: 20221215: CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 
CVE-2021-36410 CVE-2021-36411 adressed, remaining CVEs are unfixed upstream. 
(I've proposed a patch upstream, waiting for feeback) (tobi)
-  NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libde265.git
---
 libreoffice
   NOTE: 20221012: Programming language: C++.
   NOTE: 20230111: VCS: 
https://salsa.debian.org/lts-team/packages/libreoffice.git
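Review bot: the removed libde265 entry's 20221215 note names CVE-2020-21599, CVE-2021-35452 and CVE-2021-36408 through CVE-2021-36411 as addressed, yet none of them appears in the DLA-3280-1 CVE list added in data/DLA/list; confirm they are recorded elsewhere before the entry goes. The same note says the remaining CVEs are unfixed upstream with a patch proposed and awaiting feedback, and that state is lost once the entry is deleted, so consider carrying it over as a NOTE: line on the affected CVEs in data/CVE/list.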



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b157ca978070e7bc0d634bd01cd0aae3c001222
