Am 21. Januar 2023 18:14:28 UTC schrieb Salvatore Bonaccorso <car...@debian.org>: >Hi Tobi, > >On Sat, Jan 21, 2023 at 06:21:19PM +0100, Tobias Frost wrote: >> On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff <j...@debian.org> >> wrote: >> > Source: libde265 >> > Version: 1.0.8-1 >> > Severity: grave >> > Tags: security >> > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> >> > >> > CVE-2020-21602: >> > https://github.com/strukturag/libde265/issues/242 >> > >> > CVE-2020-21600: >> > https://github.com/strukturag/libde265/issues/243 >> > >> > CVE-2020-21598: >> > https://github.com/strukturag/libde265/issues/237 >> > >> >> I cannot reproduce those three bugs with the pocs in the issues. (using the >> version currently in sid, >> built with address sanitizer) >> Possibly already fixed… Tagging unreproducible. > >if you suspect it's fixed upstream, can reproduce it with upstream's >mentioned affected but not with the newest HEAD, can you try to bisect >those to the fixing commits? > >Regards, >Salvatore
yes, that's my plan - also for the ones in the other bugd (just ran out of time for today)