[Git][security-tracker-team/security-tracker][master] 2 commits: Update information for several CVEs addressed in libde265/1.0.9 upstream

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 22 14:13:04 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
428ae8cd by Salvatore Bonaccorso at 2023-01-22T15:09:32+01:00
Update information for several CVEs addressed in libde265/1.0.9 upstream

- - - - -
08198e14 by Salvatore Bonaccorso at 2023-01-22T15:11:26+01:00
Update information for CVE fixes via libde265/1.0.9-1.1 upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7031,7 +7031,7 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Ov
 	NOTE: https://github.com/gpac/gpac/issues/2353
 	NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)
 CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
-	- libde265 <unfixed>
+	- libde265 1.0.9-1.1
 	[bullseye] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/367
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
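Review bot: the CVE-2022-47655 entry now records 1.0.9-1.1 as the fixed version, but its description names Libde265 1.0.9 itself as vulnerable and the only NOTE is the upstream issue #367. The fix is presumably not part of the upstream 1.0.9 release, so a NOTE with the fixing commit or the patch carried in the upload would make the fixed version checkable, the way the GPAC entry above records its commit. The unchanged "[bullseye] - libde265 <no-dsa> (Minor issue)" line would need the same reference for any later backport.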
@@ -23694,21 +23694,21 @@ CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain
 	NOTE: https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6
 	NOTE: Negligible security impact
 CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1025816)
+	- libde265 1.0.9-1.1 (bug #1025816)
 	NOTE: https://github.com/strukturag/libde265/issues/348
 CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/347
 CVE-2022-43251
 	RESERVED
 CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/346
 CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
 	- libde265 <unfixed> (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/345
 CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1025816)
+	- libde265 1.0.9-1.1 (bug #1025816)
 	NOTE: https://github.com/strukturag/libde265/issues/349
 CVE-2022-43247
 	RESERVED
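Review bot: CVE-2022-43249 stays at "- libde265 <unfixed> (bug #1027179)" while CVE-2022-43252 and CVE-2022-43250, filed under the same bug #1027179, move to 1.0.9-1.1 in this hunk. If that is deliberate, a NOTE on CVE-2022-43249 stating that the 1.0.9-1.1 upload does not cover upstream issue #345 would keep the next triager from reading it as an oversight.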
@@ -23718,34 +23718,34 @@ CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violati
 	- libde265 <unfixed> (bug #1029357)
 	NOTE: https://github.com/strukturag/libde265/issues/352
 CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/342
 CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1025816)
+	- libde265 1.0.9-1.1 (bug #1025816)
 	NOTE: https://github.com/strukturag/libde265/issues/339
 CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/340
 CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/338
 CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/335
 CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/341
 CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/338
 CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/344
 CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/343
 CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...)
-	- libde265 <unfixed> (bug #1027179)
+	- libde265 1.0.9-1.1 (bug #1027179)
 	NOTE: https://github.com/strukturag/libde265/issues/337
 CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments component o ...)
 	NOT-FOR-US: Hoosk CMS
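Review bot: CVE-2022-43241 and CVE-2022-43238 are both marked fixed in 1.0.9-1.1 here, yet both carry the same NOTE, https://github.com/strukturag/libde265/issues/338. Worth confirming that the two CVEs really share one upstream issue and that one of the URLs is not a copy error, since the NOTE is the only reference for checking the fix. CVE-2022-43245 at the top of the hunk remains <unfixed> under the separate bug #1029357, which looks intentional.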
@@ -183391,25 +183391,25 @@ CVE-2020-21608
 CVE-2020-21607
 	RESERVED
 CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
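Review bot: the entries changed in this hunk (CVE-2020-21606, CVE-2020-21605, CVE-2020-21604, CVE-2020-21603) keep "<postponed> (Minor issue, revisit when fixed upstream)" for bullseye, buster and stretch while the unstable line now records 1.0.9-1 as fixed. The condition named in that comment appears to be met, so the suite lines should be re-triaged, or at least have the comment updated so it no longer reads as waiting on upstream.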
@@ -183421,7 +183421,7 @@ CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weigh
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
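Review bot: CVE-2020-21602, whose trailing lines open this hunk, has no changed line anywhere in this diff, while its neighbours CVE-2020-21603 and CVE-2020-21601 both move to 1.0.9-1 (bug #1014999). The same holds for CVE-2020-21598 and CVE-2020-21596 in the following hunks. If 1.0.9 does not address them, a NOTE saying so on each entry would document why they were skipped.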
@@ -183446,7 +183446,7 @@ CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_p
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -183458,7 +183458,7 @@ CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/236
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
-	- libde265 <unfixed> (bug #1014999)
+	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ae25d0ebc9e3a7a296e82d3672e8c420a756f0fd...08198e1416a448a54568011f55465c422f63cd24
