[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-36131/aom

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 4 09:36:48 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
675a7ee8 by Salvatore Bonaccorso at 2021-12-04T10:35:22+01:00
Update status for CVE-2020-36131/aom

Both apps/aomenc.c in buster and bullseye do not seem to initialize as
well the raw image object and have similar code. While the poc might not
trigger, try to play safe on this one on the maybe erring side.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59659,9 +59659,9 @@ CVE-2020-36132
 	RESERVED
 CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
 	- aom 3.2.0-1
-	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
-	[buster] - aom <not-affected> (Vulnerable code introduced later)
-	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1)
+	[bullseye] - aom <no-dsa> (Minor issue)
+	[buster] - aom <no-dsa> (Minor issue)
+	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
 	- aom 3.2.0-1
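
Review bot: The new [bullseye] and [buster] lines move from <not-affected> to <no-dsa> (Minor issue), but nothing in the entry records why the earlier "Vulnerable code introduced later" assessment was dropped. The commit message says the judgement rests on apps/aomenc.c in both releases having similar code that does not initialize the raw image object, and that the PoC might not trigger; a short NOTE stating that the affected status comes from code inspection and not from a confirmed reproduction would keep that context in data/CVE/list for whoever revisits the entry. The NOTE carrying the aomedia.googlesource.com commit also changes its tag from (v2.0.1) to (v2.1.0-rc1) without saying what the commit is; labelling its role (for example, whether it is the fixing or the introducing commit) would make clear how the version tag relates to the release status lines above it.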



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/675a7ee8a4076282ba681bad8f7d068b15081b10
