[Git][security-tracker-team/security-tracker][master] vlc DSA

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3ef2bb7 by Moritz Muehlenhoff at 2019-08-20T21:59:20Z
vlc DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4068,8 +4068,6 @@ CVE-2019-13963
 	RESERVED
 CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
 	- vlc 3.0.8-1 (low)
-	[buster] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
-	[stretch] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
 	NOTE: https://trac.videolan.org/vlc/ticket/22240
@@ -5869,8 +5867,6 @@ CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (former
 	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
 CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
 	- vlc 3.0.7.1-2 (bug #932131)
-	[buster] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
-	[stretch] - vlc <postponed> (Minor issue, wait until next 3.0.x release)
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[20 Aug 2019] DSA-4504-1 vlc - security update
+	{CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970}
+	[stretch] - vlc 3.0.8-0+deb9u1
+	[buster] - vlc 3.0.8-0+deb10u1
 [18 Aug 2019] DSA-4503-1 golang-1.11 - security update
 	{CVE-2019-9512 CVE-2019-9514 CVE-2019-14809}
 	[buster] - golang-1.11 1.11.6-1+deb10u1


=====================================
data/dsa-needed.txt
=====================================
@@ -71,8 +71,6 @@ teeworlds/oldstable
 --
 trafficserver
 --
-vlc (jmm)
---
 wordpress
 --
 wpa



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3ef2bb7ebc23d4a2e248aad11fc65ef9856f27e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3ef2bb7ebc23d4a2e248aad11fc65ef9856f27e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190820/1bd35d80/attachment-0001.html>