[Git][security-tracker-team/security-tracker][master] 2 commits: not fixed by a point release but a LTS upload

Tue Mar 31 18:28:23 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ee75b45 by Thorsten Alteholz at 2020-03-31T19:22:03+02:00
not fixed by a point release but a LTS upload

- - - - -
c872b012 by Thorsten Alteholz at 2020-03-31T19:28:12+02:00
Reserve DLA-2164-1 for gst-plugins-bad0.10

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -173147,7 +173147,6 @@ CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux
 	{DSA-3818-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.4-1 (low)
 	- gst-plugins-bad0.10 <unfixed> (low)
-	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
 	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
@@ -173182,7 +173181,6 @@ CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_objec
 	{DSA-3818-1 DLA-830-1}
 	- gst-plugins-bad1.0 1.10.3-1
 	- gst-plugins-bad0.10 <unfixed> (low)
-	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
 CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
@@ -188581,7 +188579,6 @@ CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStre
 	{DSA-3818-1 DLA-736-1}
 	- gst-plugins-bad1.0 1.10.2-1
 	- gst-plugins-bad0.10 <removed>
-	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
 CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
 	- gst-plugins-good1.0 1.10.1-2
@@ -243132,7 +243129,6 @@ CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Andro
 CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefo ...)
 	{DSA-3264-1 DSA-3260-1 DSA-3225-1}
 	- gst-plugins-bad0.10 <removed> (bug #784220)
-	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
 	[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
 	- iceweasel 38.0-1
 	[squeeze] - iceweasel <end-of-life>


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2020] DLA-2164-1 gst-plugins-bad0.10 - security update
+	{CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848}
+	[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u3
 [31 Mar 2020] DLA-2163-1 tinyproxy - security update
 	{CVE-2017-11747}
 	[jessie] - tinyproxy 1.8.3-3+deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9dc48131d1173d5d10d9d9b9fd1b0ed60dd68bd...c872b012dd7aa76c2fc4f9e806d990dd9c3fc1a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9dc48131d1173d5d10d9d9b9fd1b0ed60dd68bd...c872b012dd7aa76c2fc4f9e806d990dd9c3fc1a1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200331/014ef04b/attachment.html>
