[Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for gst-plugin-base issue
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 29 07:34:53 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e4bc301 by Salvatore Bonaccorso at 2021-04-29T08:33:39+02:00
Add reference for gst-plugin-base issue
- - - - -
e0acdd01 by Salvatore Bonaccorso at 2021-04-29T08:34:07+02:00
CVE-2021-3522 assigned for gst-plugins-base1.0 issue
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,3 @@
-CVE-2021-3522
- RESERVED
CVE-2021-3521
RESERVED
CVE-2021-3520
@@ -2650,13 +2648,12 @@ CVE-2021-XXXX [out of bounds reads in ASF demuxer]
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
-CVE-2021-XXXX [invalid reads during ID3v2 tag parsing]
+CVE-2021-3522 [invalid reads during ID3v2 tag parsing]
- gst-plugins-base1.0 1.18.4-2
- [buster] - gst-plugins-base1.0 1.14.4-2+deb10u1
- [stretch] - gst-plugins-base1.0 1.10.4-1+deb9u2
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html
CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
- gst-plugins-bad1.0 1.18.4-2
[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
=====================================
data/DLA/list
=====================================
@@ -5,6 +5,7 @@
[27 Apr 2021] DLA-2642-1 gst-plugins-bad1.0 - security update
[stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
[27 Apr 2021] DLA-2641-1 gst-plugins-base1.0 - security update
+ {CVE-2021-3522}
[stretch] - gst-plugins-base1.0 1.10.4-1+deb9u2
[26 Apr 2021] DLA-2640-1 gst-plugins-good1.0 - security update
{CVE-2021-3497}
=====================================
data/DSA/list
=====================================
@@ -7,6 +7,7 @@
[24 Apr 2021] DSA-4904-1 gst-plugins-ugly1.0 - security update
[buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
[24 Apr 2021] DSA-4903-1 gst-plugins-base1.0 - security update
+ {CVE-2021-3522}
[buster] - gst-plugins-base1.0 1.14.4-2+deb10u1
[24 Apr 2021] DSA-4902-1 gst-plugins-bad1.0 - security update
[buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b68cf9bf95a21ddc1b56bc89df736addd63a4d98...e0acdd01eccf497e6a234c25db961f11f65bc385
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b68cf9bf95a21ddc1b56bc89df736addd63a4d98...e0acdd01eccf497e6a234c25db961f11f65bc385
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210429/827c7a32/attachment.htm>
More information about the debian-security-tracker-commits
mailing list