[Git][security-tracker-team/security-tracker][master] 4 commits: add wordpress
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Thu Sep 23 11:08:04 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f3c34a2 by Thorsten Alteholz at 2021-09-23T11:57:30+02:00
add wordpress
- - - - -
c1c66ce6 by Thorsten Alteholz at 2021-09-23T11:59:20+02:00
add squashfs-tools
- - - - -
864f0882 by Thorsten Alteholz at 2021-09-23T12:02:03+02:00
follow security team and mark some CVEs from gpac as ignored
- - - - -
d845a7c9 by Thorsten Alteholz at 2021-09-23T12:04:10+02:00
mark several CVEs from libde265 as postponed until fixed upstream
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -22000,6 +22000,7 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
@@ -22009,12 +22010,14 @@ CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cau
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
NOTE: https://github.com/gpac/gpac/issues/1767
CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...)
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor <no-dsa> (Minor issue)
[buster] - ccextractor <no-dsa> (Minor issue)
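Review bot: In the CVE-2021-32137 entry the new `[stretch]` line covers only gpac, while the ccextractor source package in the same entry is marked `<no-dsa>` for bullseye and buster and gets no stretch line. If stretch ships ccextractor, it needs its own triage line here so the heap buffer overflow does not stay open for that release without a recorded decision. If it does not, nothing more is needed.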
@@ -22024,6 +22027,7 @@ CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPA
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
NOTE: https://github.com/gpac/gpac/issues/1765
CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
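Review bot: The `[stretch] - gpac <ignored> (Minor issue)` line for CVE-2021-32136 sits directly above a NOTE that links an upstream fix commit, and `<ignored>` records that no fix is planned. The commit message explains this as following the security team, but the entry itself gives only "Minor issue" for a heap buffer overflow. Either extend the reason text to say why the available fix is not being backported to stretch, or use `<postponed>` if a later upload might pick it up.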
@@ -22037,6 +22041,7 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
@@ -78663,66 +78668,79 @@ CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/232
CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/234
CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/231
CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/242
CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/235
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/236
CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/239
CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
- libde265 <unfixed>
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/233
CVE-2020-21593
RESERVED
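Review bot: All thirteen added `[stretch] - libde265 <postponed>` lines copy the bullseye/buster reason verbatim, while every description in this hunk names libde265 v1.0.4 as the affected version. Before carrying the triage over, it is worth confirming that the version in stretch contains the functions named in each entry (for example `mc_chroma` and `decode_CABAC_`...), since `<not-affected>` would be the accurate state for any that it does not. The entries carry only issue links and no fix commits, so `<postponed>` with "revisit when fixed upstream" is consistent for the ones that do apply.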
=====================================
data/dla-needed.txt
=====================================
@@ -99,5 +99,9 @@ smarty3
NOTE: 20210829: Track regression (abhijith)
NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's reply (abhijith)
--
+squashfs-tools (Thorsten Alteholz)
+--
tiff (Utkarsh)
--
+wordpress
+--
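Review bot: The added `wordpress` entry has neither a claimant nor a NOTE, unlike `squashfs-tools (Thorsten Alteholz)` added in the same hunk. Leaving it unclaimed is fine if it is meant to be picked up by someone else, but a NOTE line naming the CVEs that prompted the addition would let whoever takes it start without re-deriving that from data/CVE/list.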
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6bebaed5a2110aad777d88e5f110c6f7bce1b44...d845a7c9a28017239882859058ffc48ce06ee970