[Git][security-tracker-team/security-tracker][master] Process some more mplayer related CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 16 20:09:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88948df1 by Salvatore Bonaccorso at 2022-09-16T21:08:53+02:00
Process some more mplayer related CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4399,23 +4399,36 @@ CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By
 CVE-2022-38859
 	RESERVED
 CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2396
+	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385)
 CVE-2022-38857
 	RESERVED
 CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2395
+	TODO: Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue
 CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2392
+	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384)
 CVE-2022-38854
 	RESERVED
 CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2398
+	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
+	NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
 CVE-2022-38852
 	RESERVED
 CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2393
+	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382)
 CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
-	TODO: check
+	- mplayer <unfixed>
+	NOTE: https://trac.mplayerhq.hu/ticket/2399
+	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b (r38390)
 CVE-2022-38849
 	RESERVED
 CVE-2022-38848
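
Review bot: The CVE-2022-38856 entry is the only one in this hunk without an upstream commit reference, and its TODO ("Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue") does not say which of the fixes it refers to, so a later triager has no starting point for bisecting. If the candidates are among the revisions already cited here (r38380 to r38392), naming that range in a NOTE would help, and "pin pointed" should be "pinpointed". A smaller style point on the other entries: the commit URLs for CVE-2022-38858, -38855, -38853, -38851 and -38850 are bare NOTE lines while the second commit for CVE-2022-38853 is labelled "Followup:"; prefixing the primary ones with "Fixed by:" would make the role of each link explicit while the package stays at <unfixed>.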



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88948df1df3aec9bac2a5e5196b239d2f63cf3e8
