[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-21598 CVE-2020-21600 and CVE-2020-21602

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 22 08:57:18 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf997f0e by Salvatore Bonaccorso at 2023-01-22T09:55:48+01:00
Update status for CVE-2020-21598 CVE-2020-21600 and CVE-2020-21602

As investigated by Tobias Frost those issues are fixed in 1.0.9 upstream
as well, cf. https://bugs.debian.org/1004963#34 .

Link: https://bugs.debian.org/1004963#34

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -183412,7 +183412,7 @@ CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/240
 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
-	- libde265 <unfixed> (bug #1004963)
+	- libde265 1.0.9-1 (bug #1004963)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
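
Review bot: The bullseye, buster and stretch lines under CVE-2020-21602 still read "<postponed> (Minor issue, revisit when fixed upstream)", while the changed line now records a fix in 1.0.9-1, so the stated condition for revisiting them is met. Consider following up on those three release entries, either by evaluating a backport or by updating the reason text so it no longer depends on an upstream fix; the same applies to the CVE-2020-21600 and CVE-2020-21598 entries changed further down.
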
@@ -183424,7 +183424,7 @@ CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/241
 CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
-	- libde265 <unfixed> (bug #1004963)
+	- libde265 1.0.9-1 (bug #1004963)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -183437,7 +183437,7 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_ima
 	NOTE: https://github.com/strukturag/libde265/issues/235
 	NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9)
 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
-	- libde265 <unfixed> (bug #1004963)
+	- libde265 1.0.9-1 (bug #1004963)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
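
Review bot: Nothing in the visible lines of the CVE-2020-21598 entry records why 1.0.9-1 is the fixed version, unlike the CVE-2020-21599 entry just above it, which carries a NOTE with the upstream commit and "(v1.0.9)". The commit message cites https://bugs.debian.org/1004963#34 as the evidence; adding that as a NOTE line under the entry would keep the justification in data/CVE/list rather than only in the commit log.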



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf997f0ecbd929083358b443f0e920f0d2972e9d
