[Git][security-tracker-team/security-tracker][master] faad2 DSA

Sun Mar 27 20:17:20 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46a79c1c by Moritz Mühlenhoff at 2022-03-27T21:16:46+02:00
faad2 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -218056,7 +218056,6 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
 CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
 	{DLA-2792-1 DLA-1899-1}
 	- faad2 2.8.8-3.1 (low)
-	[buster] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/24
 	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
@@ -218074,7 +218073,6 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
 CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
 	{DLA-1899-1}
 	- faad2 2.8.8-3.1 (low)
-	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/19
 	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Mar 2022] DSA-5109-1 faad2 - security update
+	{CVE-2018-20196 CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32272 CVE-2021-32273 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
+	[buster] - faad2 2.10.0-1~deb10u1
 [24 Mar 2022] DSA-5108-1 tiff - security update
 	{CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844}
 	[buster] - tiff 4.1.0+git191117-2~deb10u4


=====================================
data/dsa-needed.txt
=====================================
@@ -16,8 +16,6 @@ asterisk/oldstable
 --
 condor/oldstable
 --
-faad2/oldstable (jmm)
---
 fish/stable
 --
 freecad (aron)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46a79c1c8d006e50b74741d49fc30bc09292a067

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46a79c1c8d006e50b74741d49fc30bc09292a067
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220327/169990c1/attachment-0001.htm>
