[Git][security-tracker-team/security-tracker][master] Add some libde265 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 23 13:49:50 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b89b20bf by Salvatore Bonaccorso at 2022-01-23T14:49:26+01:00
Add some libde265 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33741,15 +33741,19 @@ CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in G
 	NOTE: https://github.com/gpac/gpac/issues/1838
 	NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
 CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/302
 CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/301
 CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
 	NOT-FOR-US: Bitdefender
 CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/300
 CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/299
 CVE-2021-36407
 	RESERVED
 CVE-2021-36406
@@ -36122,7 +36126,8 @@ CVE-2021-35454
 CVE-2021-35453
 	RESERVED
 CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
-	TODO: check
+	- libde265 <unfixed>
+	NOTE: https://github.com/strukturag/libde265/issues/298
 CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
 	NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
 CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b89b20bff776f2646dc7f536b4880386ffbbe923

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b89b20bff776f2646dc7f536b4880386ffbbe923
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220123/fb65d79c/attachment.htm>

More information about the debian-security-tracker-commits mailing list