Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4275cfb5 by Moritz Mühlenhoff at 2023-02-10T20:31:55+01:00
libde265 DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11387,7 +11387,6 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd
is vulnerable to Buffer Ov
CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function
void put_q ...)
{DLA-3280-1}
- libde265 1.0.9-1.1
- [bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/367
NOTE: https://github.com/strukturag/libde265/pull/376
CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer
Overflow ...)
@@ -68468,7 +68467,6 @@ CVE-2022-1254 (A URL redirection vulnerability in
Skyhigh SWG in main releases 1
NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository
strukturag/libde265 pr ...)
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[buster] - libde265 <not-affected> (Vulnerable code introduced later)
[stretch] - libde265 <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
@@ -119499,14 +119497,12 @@ CVE-2021-36412 (A heap-based buffer overflow
vulnerability exists in MP4Box in G
CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect
access con ...)
{DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/302
NOTE:
https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via
fallback-motion. ...)
{DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/301
NOTE:
https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355
@@ -119515,14 +119511,12 @@ CVE-2021-3641 (Improper Link Resolution Before File
Access ('Link Following') vu
CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1'
failed at ...)
{DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/300
NOTE:
https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a
Heap-use-after-f ...)
{DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/299
NOTE:
https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911
@@ -121961,7 +121955,6 @@ CVE-2021-35453
CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265
v1.0.8 du ...)
{DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/298
NOTE:
https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d
@@ -187967,75 +187960,63 @@ CVE-2020-21607
CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the
put_epel_ ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/232
CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the
apply_sao_interna ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/234
CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the
_mm_loadl ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/231
CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the
put_qpel_0_0_fa ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the
put_weighted_bi ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1004963)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/242
CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the
put_qpel_fallb ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the
put_weighted_pr ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1004963)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the
de265_image::av ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/235
NOTE:
https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25
(v1.0.9)
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the
ff_hevc_put_unw ...)
{DLA-3280-1 DLA-3240-1}
- libde265 1.0.9-1 (bug #1004963)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the
mc_chroma funct ...)
{DLA-3280-1 DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the
decode_CABAC_ ...)
{DLA-3280-1}
- libde265 1.0.11-1 (bug #1029397)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/236
NOTE:
https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c
(v1.0.10)
CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
functio ...)
{DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
- [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/strukturag/libde265/issues/239
CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the
put_epel_hv_fal ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Feb 2023] DSA-5346-1 libde265 - security update
+ {CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597
CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602
CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-35452
CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253
CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239
CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43244
CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 CVE-2022-43250 CVE-2022-43252
CVE-2022-43253 CVE-2022-47655}
+ [bullseye] - libde265 1.0.11-0+deb11u1
[08 Feb 2023] DSA-5345-1 chromium - security update
{CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700
CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705}
[bullseye] - chromium 110.0.5481.77-1~deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -25,8 +25,6 @@ imagemagick (jmm)
jupyter-core
Maintainer asked for availability to prepare updates
--
-libde265
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v5.10.y versions
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4275cfb538b167bd5474be5e4a67718703230dfc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4275cfb538b167bd5474be5e4a67718703230dfc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
