[Git][security-tracker-team/security-tracker][master] libde265 DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 10 19:33:13 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4275cfb5 by Moritz Mühlenhoff at 2023-02-10T20:31:55+01:00
libde265 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11387,7 +11387,6 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Ov
 CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
 	{DLA-3280-1}
 	- libde265 1.0.9-1.1
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/367
 	NOTE: https://github.com/strukturag/libde265/pull/376
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
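Review bot: dropping the `[bullseye] - libde265 <no-dsa>` tag for CVE-2022-47655 is consistent with the new DSA-5346-1 entry added in data/DSA/list, which lists this CVE; the `{DLA-3280-1}` reference stays in place, which is right since the LTS advisory is independent of the bullseye DSA. Nothing to change here.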
@@ -68468,7 +68467,6 @@ CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 1
 	NOT-FOR-US: Skyhigh SWG
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[buster] - libde265 <not-affected> (Vulnerable code introduced later)
 	[stretch] - libde265 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
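Review bot: only the bullseye line is removed here; the `[buster]` and `[stretch]` `<not-affected>` lines for CVE-2022-1253 are correctly left untouched, since DSA-5346-1 updates bullseye only and the not-affected status of the older releases has nothing to do with the advisory.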
@@ -119499,14 +119497,12 @@ CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in G
 CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
 	{DLA-3240-1}
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/302
 	NOTE: https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
 CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
 	{DLA-3240-1}
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/301
 	NOTE: https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355
@@ -119515,14 +119511,12 @@ CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vu
 CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
 	{DLA-3240-1}
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/300
 	NOTE: https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
 CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
 	{DLA-3240-1}
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/299
 	NOTE: https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911
@@ -121961,7 +121955,6 @@ CVE-2021-35453
 CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
 	{DLA-3240-1}
 	- libde265 1.0.8-1.1 (bug #1014977)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/298
 	NOTE: https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d
@@ -187967,75 +187960,63 @@ CVE-2020-21607
 CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/240
 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1004963)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/241
 CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1004963)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/243
 CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <no-dsa> (Minor issue)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/235
 	NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9)
 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
 	{DLA-3280-1 DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1004963)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
 	{DLA-3280-1 DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
 	{DLA-3280-1}
 	- libde265 1.0.11-1 (bug #1029397)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/236
 	NOTE: https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c (v1.0.10)
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
 	{DLA-3240-1}
 	- libde265 1.0.9-1 (bug #1014999)
-	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/239
 CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
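Review bot: the hunk ends at the `CVE-2020-21594` header line, and that CVE is also listed in DSA-5346-1, but its own `[bullseye]` tag (if it has one) falls outside the visible context, so please confirm it was cleared as well. Also note that CVE-2020-21596 is recorded as fixed in 1.0.11-1 (bug #1029397) while the rest of this group is fixed in 1.0.9-1; the bullseye target 1.0.11-0+deb11u1 in the DSA entry covers both, so no further change is needed for that entry.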


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Feb 2023] DSA-5346-1 libde265 - security update
+	{CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655}
+	[bullseye] - libde265 1.0.11-0+deb11u1
 [08 Feb 2023] DSA-5345-1 chromium - security update
 	{CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
 	[bullseye] - chromium 110.0.5481.77-1~deb11u1
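Review bot: the CVE set in this DSA-5346-1 entry includes CVE-2022-43235 through CVE-2022-43253 (skipping 43246, 43247 and 43251), yet none of the data/CVE/list hunks in this commit touch those entries; if any of them still carry a `[bullseye] - libde265 <no-dsa>` or `<postponed>` tag, the tracker will show the DSA and the tag as conflicting, so please confirm they were already cleared or never had a bullseye tag, and that the three skipped numbers are deliberately omitted. The entry ordering (10 Feb above 08 Feb) and the `[bullseye] - libde265 1.0.11-0+deb11u1` version line follow the file's conventions.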


=====================================
data/dsa-needed.txt
=====================================
@@ -25,8 +25,6 @@ imagemagick (jmm)
 jupyter-core
   Maintainer asked for availability to prepare updates
 --
-libde265
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions
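Review bot: removing the `libde265` entry together with its trailing `--` separator keeps the file well-formed: the `--` above it still separates the `jupyter-core` block from `linux (carnil)`, and no empty block is left behind. The `regulary` typo in the unchanged `linux` context line is pre-existing and unrelated to this change.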



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4275cfb538b167bd5474be5e4a67718703230dfc
