[Git][security-tracker-team/security-tracker][master] 2 commits: issues will be fixed

Fri Feb 28 22:29:14 GMT 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e22cc75e by Thorsten Alteholz at 2020-02-28T23:28:31+01:00
issues will be fixed

- - - - -
d9ae5f58 by Thorsten Alteholz at 2020-02-28T23:29:04+01:00
Reserve DLA-2126-1 for gst-plugins-base0.10

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -168840,7 +168840,6 @@ CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff
 	{DSA-3819-1 DLA-827-1}
 	- gst-plugins-base1.0 1.10.3-1 (low)
 	- gst-plugins-base0.10 <removed> (low)
-	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
 CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
@@ -168885,7 +168884,6 @@ CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff
 	{DSA-3819-1 DLA-827-1}
 	- gst-plugins-base1.0 1.10.3-1 (low)
 	- gst-plugins-base0.10 <removed> (low)
-	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
 CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
@@ -184235,7 +184233,6 @@ CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStream
 	{DSA-3819-1 DLA-735-1}
 	- gst-plugins-base1.0 1.10.2-1
 	- gst-plugins-base0.10 <removed>
-	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
 CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in g ...)
 	- gst-plugins-good1.0 1.10.1-2


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Feb 2020] DLA-2126-1 gst-plugins-base0.10 - security update
+	{CVE-2016-9811 CVE-2017-5837 CVE-2017-5844}
+	[jessie] - gst-plugins-base0.10 0.10.36-2+deb8u2
 [28 Feb 2020] DLA-2125-1 collabtive - security update
 	{CVE-2015-0258}
 	[jessie] - collabtive 2.0+dfsg-5+deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4f34ed0a93c804a174eaa127234a25979adf2297...d9ae5f58115f1ae2598abb14ab9ceac321ea75eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4f34ed0a93c804a174eaa127234a25979adf2297...d9ae5f58115f1ae2598abb14ab9ceac321ea75eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200228/5fceefb8/attachment.html>
