Your message dated Sat, 04 Feb 2023 17:08:34 +0100
with message-id <53502a5106f68f8429574793e44711cdbe30d423.ca...@sviech.de>
and subject line Re: libde265: CVE-2020-21594 CVE-2020-21595 CVE-2020-21596
CVE-2020-21597 CVE-2020-21599 CVE-2020-21601 CVE-2020-21603 CVE-2020-21604
CVE-2020-21605 CVE-2020-21606
has caused the Debian Bug report #1029397,
regarding libde265: CVE-2020-21596
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1029397: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2020-21594[0]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_epel_hv_fallback function, which can be exploited via a crafted a
| file.
https://github.com/strukturag/libde265/issues/233
CVE-2020-21595[1]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
| function, which can be exploited via a crafted a file.
https://github.com/strukturag/libde265/issues/239
CVE-2020-21596[2]:
| libde265 v1.0.4 contains a global buffer overflow in the
| decode_CABAC_bit function, which can be exploited via a crafted a
| file.
https://github.com/strukturag/libde265/issues/236
CVE-2020-21597[3]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
| function, which can be exploited via a crafted a file.
https://github.com/strukturag/libde265/issues/238
CVE-2020-21599[4]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| de265_image::available_zscan function, which can be exploited via a
| crafted a file.
https://github.com/strukturag/libde265/issues/235
CVE-2020-21601[5]:
| libde265 v1.0.4 contains a stack buffer overflow in the
| put_qpel_fallback function, which can be exploited via a crafted a
| file.
https://github.com/strukturag/libde265/issues/241
CVE-2020-21603[6]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_qpel_0_0_fallback_16 function, which can be exploited via a
| crafted a file.
https://github.com/strukturag/libde265/issues/240
CVE-2020-21604[7]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| _mm_loadl_epi64 function, which can be exploited via a crafted a file.
https://github.com/strukturag/libde265/issues/231
CVE-2020-21605[8]:
| libde265 v1.0.4 contains a segmentation fault in the
| apply_sao_internal function, which can be exploited via a crafted a
| file.
https://github.com/strukturag/libde265/issues/234
CVE-2020-21606[9]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| put_epel_16_fallback function, which can be exploited via a crafted a
| file.
https://github.com/strukturag/libde265/issues/232
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-21594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21594
[1] https://security-tracker.debian.org/tracker/CVE-2020-21595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21595
[2] https://security-tracker.debian.org/tracker/CVE-2020-21596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21596
[3] https://security-tracker.debian.org/tracker/CVE-2020-21597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21597
[4] https://security-tracker.debian.org/tracker/CVE-2020-21599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21599
[5] https://security-tracker.debian.org/tracker/CVE-2020-21601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21601
[6] https://security-tracker.debian.org/tracker/CVE-2020-21603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21603
[7] https://security-tracker.debian.org/tracker/CVE-2020-21604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21604
[8] https://security-tracker.debian.org/tracker/CVE-2020-21605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21605
[9] https://security-tracker.debian.org/tracker/CVE-2020-21606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21606
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Control: fixed -1 1.0.11-1
This was fixed with the upload of 1.0.11-1.
--- End Message ---
