[Git][security-tracker-team/security-tracker][master] Track fixed version for three libde265 issues fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 3 04:58:01 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac4f4ef7 by Salvatore Bonaccorso at 2023-02-03T05:57:31+01:00
Track fixed version for three libde265 issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26472,8 +26472,9 @@ CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
 	NOTE: https://github.com/strukturag/libde265/issues/346
 CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
 	{DLA-3280-1}
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.11-1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/345
+	NOTE: https://github.com/strukturag/libde265/pull/373
 CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
 	{DLA-3280-1}
 	- libde265 1.0.9-1.1 (bug #1025816)
@@ -26484,8 +26485,9 @@ CVE-2022-43246
 	RESERVED
 CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violation via ...)
 	{DLA-3280-1}
-	- libde265 <unfixed> (bug #1029357)
+	- libde265 1.0.11-1 (bug #1029357)
 	NOTE: https://github.com/strukturag/libde265/issues/352
+	NOTE: https://github.com/strukturag/libde265/commit/ad291690a8c92218b9e86738edd45ed64736b246 (v1.0.10)
 CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
 	{DLA-3280-1}
 	- libde265 1.0.9-1.1 (bug #1027179)
@@ -186301,10 +186303,11 @@ CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
 	NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
 	{DLA-3280-1}
-	- libde265 <unfixed> (bug #1029397)
+	- libde265 1.0.11-1 (bug #1029397)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/236
+	NOTE: https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c (v1.0.10)
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac4f4ef76d4c9f3751ac59a4a169476adb66fb9c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac4f4ef76d4c9f3751ac59a4a169476adb66fb9c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230203/8fa4fa4d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list