Your message dated Mon, 28 Oct 2024 18:56:39 +0000
with message-id <[email protected]>
and subject line Bug#1082801: Removed package(s) from unstable
has caused the Debian Bug report #1082866,
regarding intel-mediasdk: CVE-2023-22656 CVE-2023-45221 CVE-2023-47169
CVE-2023-47282 CVE-2023-48368 CVE-2023-48727
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082866
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: intel-mediasdk
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for intel-mediasdk.
CVE-2023-22656[0]:
| Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL
| software before version 23.3.5 may allow an authenticated user to
| potentially enable escalation of privilege via local access.
CVE-2023-45221[1]:
| Improper buffer restrictions in Intel(R) Media SDK all versions may
| allow an authenticated user to potentially enable escalation of
| privilege via local access.
CVE-2023-47169[2]:
| Improper buffer restrictions in Intel(R) Media SDK software all
| versions may allow an authenticated user to potentially enable
| denial of service via local access.
CVE-2023-47282[3]:
| Out-of-bounds write in Intel(R) Media SDK all versions and some
| Intel(R) oneVPL software before version 23.3.5 may allow an
| authenticated user to potentially enable escalation of privilege via
| local access.
CVE-2023-48368[4]:
| Improper input validation in Intel(R) Media SDK software all
| versions may allow an authenticated user to potentially enable
| denial of service via local access.
CVE-2023-48727[5]:
| NULL pointer dereference in some Intel(R) oneVPL software before
| version 23.3.5 may allow an authenticated user to potentially enable
| information disclosure via local access.
Sadly there's no specific information, just the very high level advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-22656
https://www.cve.org/CVERecord?id=CVE-2023-22656
[1] https://security-tracker.debian.org/tracker/CVE-2023-45221
https://www.cve.org/CVERecord?id=CVE-2023-45221
[2] https://security-tracker.debian.org/tracker/CVE-2023-47169
https://www.cve.org/CVERecord?id=CVE-2023-47169
[3] https://security-tracker.debian.org/tracker/CVE-2023-47282
https://www.cve.org/CVERecord?id=CVE-2023-47282
[4] https://security-tracker.debian.org/tracker/CVE-2023-48368
https://www.cve.org/CVERecord?id=CVE-2023-48368
[5] https://security-tracker.debian.org/tracker/CVE-2023-48727
https://www.cve.org/CVERecord?id=CVE-2023-48727
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 22.5.4-1+rm
Dear submitter,
as the package intel-mediasdk has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/1082801
The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)
--- End Message ---
