[Git][security-tracker-team/security-tracker][master] 2 commits: not fixed by a point release but a LTS upload
Thorsten Alteholz
alteholz at debian.org
Tue Mar 31 18:28:23 BST 2020
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ee75b45 by Thorsten Alteholz at 2020-03-31T19:22:03+02:00
not fixed by a point release but a LTS upload
- - - - -
c872b012 by Thorsten Alteholz at 2020-03-31T19:28:12+02:00
Reserve DLA-2164-1 for gst-plugins-bad0.10
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -173147,7 +173147,6 @@ CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux
{DSA-3818-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.4-1 (low)
- gst-plugins-bad0.10 <unfixed> (low)
- [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
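Review bot: once the `[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)` line is dropped, the only gst-plugins-bad0.10 entry left for CVE-2017-5848 is `- gst-plugins-bad0.10 <unfixed> (low)`, so jessie's status depends entirely on the DLA-2164-1 entry in data/DLA/list. That entry arrives in the second commit (c872b012), six minutes after this one (6ee75b45). Consider putting the DLA reservation first, or squashing the two, so that no intermediate revision leaves jessie with only the `<unfixed>` entry.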
@@ -173182,7 +173181,6 @@ CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_objec
{DSA-3818-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.3-1
- gst-plugins-bad0.10 <unfixed> (low)
- [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
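Review bot: the cross-reference line `{DSA-3818-1 DLA-830-1}` for CVE-2017-5843 is left unchanged although DLA-2164-1 now lists this CVE. If these brace lines are regenerated from data/DLA/list this is fine; if they are maintained by hand, DLA-2164-1 should be added here and on the other three entries touched in this file.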
@@ -188581,7 +188579,6 @@ CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStre
{DSA-3818-1 DLA-736-1}
- gst-plugins-bad1.0 1.10.2-1
- gst-plugins-bad0.10 <removed>
- [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
- gst-plugins-good1.0 1.10.1-2
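Review bot: the commit message "not fixed by a point release but a LTS upload" describes only this removal for CVE-2016-9809, where the dropped line read `(Minor issue, can be fixed via point release)`. The other three removed `<no-dsa>` lines carry different reasons. A message that names DLA-2164-1 as the reason for dropping all four lines would make the change easier to trace from the log.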
@@ -243132,7 +243129,6 @@ CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Andro
CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefo ...)
{DSA-3264-1 DSA-3260-1 DSA-3225-1}
- gst-plugins-bad0.10 <removed> (bug #784220)
- [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2020] DLA-2164-1 gst-plugins-bad0.10 - security update
+ {CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848}
+ [jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u3
[31 Mar 2020] DLA-2163-1 tinyproxy - security update
{CVE-2017-11747}
[jessie] - tinyproxy 1.8.3-3+deb8u1
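Review bot: the commit subject says "Reserve", yet the new entry already records a fixed version, `[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u3`. Confirm that string matches the version actually uploaded. The CVE set `{CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848}` does line up with the four entries edited in data/CVE/list, so no `<no-dsa>` line is left contradicting this fix.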
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9dc48131d1173d5d10d9d9b9fd1b0ed60dd68bd...c872b012dd7aa76c2fc4f9e806d990dd9c3fc1a1