[Git][security-tracker-team/security-tracker][master] 2 commits: faad2 issues fixed in recent upload
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Oct 24 16:33:23 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2cd6585b by Thorsten Alteholz at 2021-10-24T17:31:59+02:00
faad2 issues fixed in recent upload
- - - - -
f2693817 by Thorsten Alteholz at 2021-10-24T17:33:05+02:00
Reserve DLA-2792-1 for faad2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -176633,7 +176633,6 @@ CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAA
{DLA-1899-1}
- faad2 2.8.8-3.1 (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/faac/bugs/240/
NOTE: https://github.com/knik0/faad2/issues/39
NOTE: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
@@ -186134,7 +186133,6 @@ CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_
{DLA-1899-1}
- faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/32
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
@@ -186742,7 +186740,6 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib
{DLA-1899-1}
- faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Oct 2021] DLA-2792-1 faad2 - security update
+ {CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u3
[23 Oct 2021] DLA-2791-1 mailman - security update
{CVE-2021-42096 CVE-2021-42097}
[stretch] - mailman 1:2.1.23-1+deb9u7
=====================================
data/dla-needed.txt
=====================================
@@ -32,9 +32,6 @@ debian-archive-keyring
exiv2 (Thorsten Alteholz)
NOTE: 20211010: WIP, also taking care of older issues
--
-faad2 (Thorsten Alteholz)
- NOTE: 20211010: WIP, also taking care of older issues
---
ffmpeg (Anton Gladky)
NOTE: probably wait until stuff is fixed in Buster
NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/686fd0989e8e6fb615d2d6e2cbb677562777235c...f2693817d87b649c9a6e492ca0cb181c3e71de5c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/686fd0989e8e6fb615d2d6e2cbb677562777235c...f2693817d87b649c9a6e492ca0cb181c3e71de5c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211024/6dc73e11/attachment.htm>
More information about the debian-security-tracker-commits
mailing list