[Git][security-tracker-team/security-tracker][master] Amend DLA-3240-1 with CVE's that have been fixed with this upload already,...

Tobias Frost (@tobi) tobi at debian.org
Wed Jan 25 09:06:59 GMT 2023



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c278a846 by Tobias Frost at 2023-01-25T10:06:38+01:00
Amend DLA-3240-1 with CVE's that have been fixed with this upload already, remove buster references in the CVE list.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -184526,43 +184526,36 @@ CVE-2020-21607
 CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/240
 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
 	- libde265 1.0.9-1 (bug #1004963)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/241
 CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
 	- libde265 1.0.9-1 (bug #1004963)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/243
 CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
@@ -184593,7 +184586,6 @@ CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
 	- libde265 1.0.9-1 (bug #1014999)
 	[bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
-	[buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/strukturag/libde265/issues/239
 CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)


=====================================
data/DLA/list
=====================================
@@ -122,7 +122,7 @@
 	{CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882}
 	[buster] - firefox-esr 102.6.0esr-1~deb10u1
 [15 Dec 2022] DLA-3240-1 libde265 - security update
-	{CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411}
+	{CVE-2020-21595 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411}
 	[buster] - libde265 1.0.3-1+deb10u1
 [14 Dec 2022] DLA-3239-2 git - regression update
 	[buster] - git 1:2.20.1-2+deb10u6



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c278a846fe7759e179b7c1e33761972c0e7c8789

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c278a846fe7759e179b7c1e33761972c0e7c8789
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230125/77314b70/attachment.htm>


More information about the debian-security-tracker-commits mailing list