[Git][security-tracker-team/security-tracker][master] Two more libde265 issues (fixed in sid/bullseye)
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Mar 6 16:45:51 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b280654 by Moritz Muehlenhoff at 2023-03-06T17:45:05+01:00
Two more libde265 issues (fixed in sid/bullseye)
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17352,9 +17352,15 @@ CVE-2022-47667
CVE-2022-47666
RESERVED
CVE-2022-47665 (Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image ...)
- TODO: check
+ {DSA-5346-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/369
+ NOTE: https://github.com/strukturag/libde265/commit/2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 (v1.0.10)
CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qp ...)
- TODO: check
+ {DSA-5346-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/368
+ NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
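Review bot: On the two added `- libde265 1.0.11-1` lines, the recorded fixed version is 1.0.11-1 while both NOTE lines tag the upstream commits as (v1.0.10). Please confirm that no 1.0.10-based package reached sid before 1.0.11-1, since otherwise the entries record the fix one upload later than it landed and the tracker would report an already-fixed version as vulnerable. If 1.0.11-1 is the first upload carrying both commits, a short NOTE saying so under each CVE would save the next reader the same check.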
=====================================
data/DSA/list
=====================================
@@ -68,7 +68,7 @@
{CVE-2022-44267 CVE-2022-44268}
[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u1
[10 Feb 2023] DSA-5346-1 libde265 - security update
- {CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655 CVE-2023-25221 CVE-2023-24758 CVE-2023-24757 CVE-2023-24756 CVE-2023-24755 CVE-2023-24754 CVE-2023-24752 CVE-2023-24751}
+ {CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655 CVE-2023-25221 CVE-2023-24758 CVE-2023-24757 CVE-2023-24756 CVE-2023-24755 CVE-2023-24754 CVE-2023-24752 CVE-2023-24751 CVE-2022-47665 CVE-2022-47664}
[bullseye] - libde265 1.0.11-0+deb11u1
[08 Feb 2023] DSA-5345-1 chromium - security update
{CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
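Review bot: In the replaced CVE set for DSA-5346-1, CVE-2022-47665 and CVE-2022-47664 are appended after the CVE-2023 ids rather than next to CVE-2022-47655, which makes this single very long changed line hard to audit. Placing them beside the existing CVE-2022-47655 id would let a reader see at a glance that nothing else in the set changed. The entry is dated 10 Feb 2023 and is being amended on 6 March, so the commit message could also state that the bullseye version 1.0.11-0+deb11u1 already carried both fixes, instead of only "(fixed in sid/bullseye)".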
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b2806543be03fba18abb950d0cd2646c9ab4d24