[Git][security-tracker-team/security-tracker][master] gst DSAs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5db764c by Moritz Mühlenhoff at 2021-04-24T19:33:28+02:00
gst DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2396,20 +2396,24 @@ CVE-2015-20002
 	RESERVED
 CVE-2021-XXXX [out of bounds reads in ASF demuxer]
 	- gst-plugins-ugly1.0 1.18.4-2
+	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
 CVE-2021-XXXX [invalid reads during ID3v2 tag parsing]
 	- gst-plugins-base1.0 1.18.4-2
+	[buster] - gst-plugins-base1.0 1.14.4-2+deb10u1
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
 CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
 	- gst-plugins-bad1.0 1.18.4-2
+	[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch)
 CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels]
 	- gst-libav1.0 1.18.4-2
+	[buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,14 @@
+[24 Apr 2021] DSA-4904-1 gst-plugins-ugly1.0 - security update
+	[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
+[24 Apr 2021] DSA-4903-1 gst-plugins-base1.0 - security update
+	[buster] - gst-plugins-base1.0 1.14.4-2+deb10u1
+[24 Apr 2021] DSA-4902-1 gst-plugins-bad1.0 - security update
+	[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
+[24 Apr 2021] DSA-4901-1 gst-libav1.0 - security update
+	[buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
+[24 Apr 2021] DSA-4900-1 gst-plugins-good1.0 - security update
+	{CVE-2021-3497 CVE-2021-3498}
+	[buster] - gst-plugins-good1.0 1.14.4-1+deb10u1
 [23 Apr 2021] DSA-4899-1 openjdk-11 - security update
 	{CVE-2021-2161}
 	[buster] - openjdk-11 11.0.11+9-1~deb10u1


=====================================
data/dsa-needed.txt
=====================================
@@ -16,16 +16,6 @@ chromium
 --
 condor
 --
-gst-plugins-good1.0 (jmm)
---
-gst-libav1.0 (jmm)
---
-gst-plugins-bad1.0 (jmm)
---
-gst-plugins-base1.0 (jmm)
---
-gst-plugins-ugly1.0 (jmm)
---
 libhibernate3-java
   Markus Koschany proposed debdiff for review: <15258f788bac283a47d84c2beab73e17b805ba46.camel at debian.org>
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5db764cdc490e4c6e419e898f5e2a13f4466bef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5db764cdc490e4c6e419e898f5e2a13f4466bef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210424/e366f708/attachment-0001.htm>