[Git][security-tracker-team/security-tracker][master] new gstreamer issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 22 22:39:45 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6866b2d1 by Moritz Muehlenhoff at 2022-07-22T23:39:21+02:00
new gstreamer issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6347,7 +6347,9 @@ CVE-2022-26084
CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompression. In ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
- dcmtk <unfixed> (bug #1014044)
[bullseye] - dcmtk <no-dsa> (Minor issue)
@@ -11764,17 +11766,29 @@ CVE-2022-31765
CVE-2022-31764
RESERVED
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo decompression ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip decompressio ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib decompressio ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert function ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0
CVE-2022-1920 (Integer overflow in matroskademux element in gst_matroska_demux_add_wv ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d
CVE-2022-1919
RESERVED
- firefox 101.0-1
=====================================
data/dsa-needed.txt
=====================================
@@ -22,6 +22,8 @@ freecad (aron)
--
gsasl (jmm)
--
+gst-plugins-good1.0
+--
jetty
--
kicad (jmm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6866b2d1c21d3f98cfc9c26aa60b1a1d7192758f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6866b2d1c21d3f98cfc9c26aa60b1a1d7192758f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220722/9a97ec44/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list