Bug#888224: libde265-0: Provide static library

2023-06-20 Thread Tobias Frost
Control: tags -1 moreinfo On Tue, 23 Jan 2018 19:59:48 -0500 Alex Gaynor wrote: > Package: libde265-0 > Severity: normal > > Currently libde265-0 provides dynamic libraries, however I have a use case > where it'd be great if static libraries were also provided. > I was stumbling across this b

Bug#1029401: libde265: diff for NMU version 1.0.9-1.1

2023-01-22 Thread Tobias Frost
s: #981260) + + -- Tobias Frost Sun, 22 Jan 2023 13:19:20 +0100 + libde265 (1.0.9-1) unstable; urgency=medium * Add "Rules-Requires-Root: no". - * New upstream version 1.0.9 + * New upstream version 1.0.9. +Bisecting shows that this version fixed this CVES: + - CVE-2020-21598, CVE-
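
Review bot: in the amended 1.0.9-1 changelog entry, the added line "Bisecting shows that this version fixed this CVES:" has a wording slip; it should read "fixed these CVEs:" so that the entry is consistent with the CVE identifiers listed under it.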

Bug#1014999: libde265: CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21599 CVE-2020-21601 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606

2023-01-22 Thread Tobias Frost
Bisect results. ONE CORRECTION: I can*not* reproduce CVE-2020-21601, this was an error yesterday. TL;DR: (Debian centric, see below if you want the commits) CVE-2020-21594 -- likely fixed in v1.0.3, or some regression made it reappear later. CVE-2020-21595  -- fixed in v1.0.9 CVE-2020-21596

Bug#1027179: libde265: CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43244 CVE-2022-43245 CVE-2022-43249 CVE-2022-432

2023-01-22 Thread Tobias Frost
Note: I've split the bugs as the NMU I'm currently preparing is only covering a subset of those CVEs, namely NOT those in #1029357 I've retitled the bugs accordingly, so that they reflect that.

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2023-01-22 Thread Tobias Frost
Control: tags -1 fixed 1.0.9-1 TL;DR:  bisecting result. They are all fixed in the upstream 1.0.9 release, marking this as such. (I'll amend d/changelog when I prepare my NMU. I'll keep bug open until the NMU is in the archives.) The poc is no longer triggering with the state in the master br

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2023-01-21 Thread Tobias Frost
On 21 January 2023 18:14:28 UTC, Salvatore Bonaccorso wrote: >Hi Tobi, > >On Sat, Jan 21, 2023 at 06:21:19PM +0100, Tobias Frost wrote: >> On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff >> wrote: >> > Source: libde265 >> > Version: 1.0.8-1

Bug#1014999: libde265: CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21599 CVE-2020-21601 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606

2023-01-21 Thread Tobias Frost
Retesting to see if my patches have any effects on this. "Cannot reproduce" means I cannot reproduce without my patches applied. TL;DR: Can reproduce CVE-2020-21596, CVE-2020-21601. -- tobi On Sat, 16 Jul 2022 00:32:59 +0200 Moritz Mühlenhoff wrote: > Source: libde265 > X-Deb

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2023-01-21 Thread Tobias Frost
On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff wrote: > Source: libde265 > Version: 1.0.8-1 > Severity: grave > Tags: security > X-Debbugs-Cc: Debian Security Team > > CVE-2020-21602: > https://github.com/strukturag/libde265/issues/242 > > CVE-2020-21600: > https://github.com/strukturag/

Bug#1027179: libde265: several CVE's, proposed possibly patch

2023-01-13 Thread Tobias Frost
Control: tags -1 patch Hi, A while ago I've debugged into this issue and proposed a patch upstream. Unfortunately there is no feedback from upstream, but I'm confident that my patch will at least improve things; The very least they stop the upstream provided pocs to stop working for those CVEs:

Bug#1025816: libde265: several CVE's, proposed possibly patch

2023-01-13 Thread Tobias Frost
Control: tags -1 patch Hi, A while ago I've debugged into this issue and proposed a patch upstream. Unfortunately there is no feedback from upstream, but I'm confident that my patch will at least improve things; The very least they stop the upstream provided pocs to stop working for those CVEs:

Bug#997080: openvdb: FTBFS: help2man: can't get `--help' info from ./debian/tmp/usr/bin/vdb_view

2022-08-23 Thread Tobias Frost
Control: unblock 997080 by 1001457 On Tue, 23 Aug 2022 10:11:17 +0200 Tobias Frost wrote: > Source: openvdb > Followup-For: Bug #997080 > Control: tags -1 +patch > > MR at https://salsa.debian.org/multimedia-team/openvdb/-/merge_requests/1  > fixes this FTBFS, > (MR

Bug#997080: openvdb: FTBFS: help2man: can't get `--help' info from ./debian/tmp/usr/bin/vdb_view

2022-08-23 Thread Tobias Frost
Source: openvdb Followup-For: Bug #997080 Control: tags -1 +patch MR at https://salsa.debian.org/multimedia-team/openvdb/-/merge_requests/1 fixes this FTBFS, (MR made for the version currently in experimental) -- tobi

Bug#860486: Systemd service unit fails with permission error in X.Org Server

2020-11-13 Thread Tobias Frost
As I saw this too when setting up kodi on a raspi4: I needed to edit etc/X11/Xwrapper.config to say: needs_root_rights=yes allowed_users=anybody Hope this helps someone. Note that these settings have security implications; this is OK for my use case but might not be for others. -- tobi

Bug#855225: kodi: CVE-2017-5982: Unrestricted file download

2020-11-13 Thread Tobias Frost
Control: forwarded -1 https://github.com/xbmc/xbmc/pull/14501 Control: fixed -1 2:18.5+dfsg1-1~exp0 ^^ fixed upstream with this pull request ^^ d/changelog misses the CVE entry, therefore not closing this bug.

Bug#786688: xbmc: CVE-2015-3885

2020-11-13 Thread Tobias Frost
Control: forwarded -1 https://github.com/xbmc/xbmc/pull/7141 ^^ Updating forwarded; seems to have been fixed upstream in this pull request ^^ Left open as the debian changelog needs to mention this has been fixed. This seems to be fixed in 16.0-Jarvis, in likely with Debian 16.0+dfsg1-1. -- tobi

Bug#721235: CVE-2013-1438: dcraw world: multiple vulnerabilities

2020-11-13 Thread Tobias Frost
Control: fixed -1 kodi/14.0+dfsg1-1 On Thu, 29 Aug 2013 11:59:11 +0200 Raphael Geissert wrote: > Source: libraw > Severity: important > Tags: security > Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 Control: forwarded -1 https://github.com/xbmc/xbmc/pull/4179 (well, the forwarded url is not the bug,

Bug#926922: kodi: Please package new upstream release

2020-11-13 Thread Tobias Frost
Control: retitle -1 kodi: Please package (stable) version 18.9 My kodi instance tells me that there is a stable release 18.9… So maybe, while we wait for 19 to be released, can we get this version ;-) TIA! -- Cheers, tobi

Bug#968339: Reopening for mips/s390x failures

2020-11-13 Thread Tobias Frost
Control: severity -1 important Control: close -1 On Wed, 09 Sep 2020 08:33:00 + Vasyl Gello wrote: > Control: reopen ! > > I am reopening this bug as mipsel test failures are caused by ld.gold usage filed separately. Those issue* seems not to be related to this bug, so I don't think reopeni