[Git][security-tracker-team/security-tracker][master] Reserve DLA-2828-1 for libvorbis
Adrian Bunk (@bunk)
bunk at debian.org
Sat Nov 27 17:57:29 GMT 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55527ec0 by Adrian Bunk at 2021-11-27T19:57:14+02:00
Reserve DLA-2828-1 for libvorbis
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -226530,7 +226530,6 @@ CVE-2018-10394
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -226538,7 +226537,6 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
@@ -265650,7 +265648,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2021] DLA-2828-1 libvorbis - security update
+ {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+ [stretch] - libvorbis 1.3.5-4+deb9u3
[27 Nov 2021] DLA-2827-1 bluez - security update
{CVE-2019-8921 CVE-2019-8922 CVE-2021-41229}
[stretch] - bluez 5.43-2+deb9u5
=====================================
data/dla-needed.txt
=====================================
@@ -62,8 +62,6 @@ libssh2 (Ola Lundqvist)
NOTE: 20211031: but still need fixing in stretch and buster. (bunk)
NOTE: 20211116: Work in progress for stretch. (ola)
--
-libvorbis (Adrian Bunk)
---
libvpx (Adrian Bunk)
--
linux (Ben Hutchings)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55527ec0caa66402d56b6adaae0d4f29bf5541b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55527ec0caa66402d56b6adaae0d4f29bf5541b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211127/f50b5dbb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list