[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-21598 CVE-2020-21600 and CVE-2020-21602
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 22 08:57:18 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf997f0e by Salvatore Bonaccorso at 2023-01-22T09:55:48+01:00
Update status for CVE-2020-21598 CVE-2020-21600 and CVE-2020-21602
Ad investigated by Tobias Frost those issues are fixed in 1.0.9 upstream
as well, cf. https://bugs.debian.org/1004963#34 .
Link: https://bugs.debian.org/1004963#34
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -183412,7 +183412,7 @@ CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
- - libde265 <unfixed> (bug #1004963)
+ - libde265 1.0.9-1 (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -183424,7 +183424,7 @@ CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
- - libde265 <unfixed> (bug #1004963)
+ - libde265 1.0.9-1 (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -183437,7 +183437,7 @@ CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_ima
NOTE: https://github.com/strukturag/libde265/issues/235
NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9)
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
- - libde265 <unfixed> (bug #1004963)
+ - libde265 1.0.9-1 (bug #1004963)
[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf997f0ecbd929083358b443f0e920f0d2972e9d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf997f0ecbd929083358b443f0e920f0d2972e9d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230122/e24f62b8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list