Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f3c34a2 by Thorsten Alteholz at 2021-09-23T11:57:30+02:00
add wordpress

- - - - -
c1c66ce6 by Thorsten Alteholz at 2021-09-23T11:59:20+02:00
add squashfs-tools

- - - - -
864f0882 by Thorsten Alteholz at 2021-09-23T12:02:03+02:00
follow security team and mark some CVEs from gpac as ignored

- - - - -
d845a7c9 by Thorsten Alteholz at 2021-09-23T12:04:10+02:00
mark several CVEs from libde265 as postponed until fixed upstream

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22000,6 +22000,7 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in 
GPAC 1.0.1 allows attacker
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        - ccextractor 0.93+ds2-1 (bug #994746)
        [bullseye] - ccextractor <not-affected> (Vulnerable code introduced 
later)
        [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
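
Review bot: The added [stretch] line for gpac reuses the bullseye/buster reason without recording whether stretch's gpac actually contains gf_isom_vp_config_get. The CVE text names GPAC 1.0.1, and the ccextractor lines in this same entry are already split by "Vulnerable code introduced later". If the same holds for the older gpac in stretch, <not-affected> with that reason would be more accurate than <ignored> (Minor issue); either way a short NOTE naming the checked version would make the triage auditable.
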
@@ -22009,12 +22010,14 @@ CVE-2021-32138 (The DumpTrackInfo function in GPAC 
1.0.1 allows attackers to cau
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
        NOTE: https://github.com/gpac/gpac/issues/1767
 CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in 
MP4Box in  ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        - ccextractor 0.93+ds2-1 (bug #994746)
        [bullseye] - ccextractor <no-dsa> (Minor issue)
        [buster] - ccextractor <no-dsa> (Minor issue)
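
Review bot: For CVE-2021-32138 the NOTE lines directly under the new [stretch] line already reference an upstream commit and issue, so "Minor issue" alone does not explain why stretch is set to <ignored> instead of being left open for a backport. Please give a stretch-specific reason in the parentheses, or add a NOTE saying that the referenced commit was reviewed and does not apply or is not worth backporting. The same applies to CVE-2021-32137 in this hunk, which is described as a heap buffer overflow.
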
@@ -22024,6 +22027,7 @@ CVE-2021-32136 (Heap buffer overflow in the print_udta 
function in MP4Box in GPA
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
        NOTE: https://github.com/gpac/gpac/issues/1765
 CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to 
cause a d ...)
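
Review bot: CVE-2021-32135 (trak_box_size), visible as the trailing context here, gets no [stretch] line in this commit: the next hunk only starts inside CVE-2021-32134. Every neighbouring gpac entry from CVE-2021-32139 to CVE-2021-32134 is touched, so please confirm that skipping this one is intentional (for example because its entry already carries a stretch annotation) and not an oversight.
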
@@ -22037,6 +22041,7 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 
1.0.1 allows attackers to
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        - ccextractor 0.93+ds2-1 (bug #994746)
        [bullseye] - ccextractor <not-affected> (Vulnerable code introduced 
later)
        [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
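
Review bot: This entry tracks two source packages, but the new [stretch] annotation covers only gpac. The ccextractor lines exist for bullseye and buster only, so if stretch ships ccextractor it remains covered by the generic "- ccextractor 0.93+ds2-1" line and will keep showing as open there. Either add a matching [stretch] - ccextractor line or confirm that the package is not in stretch.
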
@@ -78663,66 +78668,79 @@ CVE-2020-21606 (libde265 v1.0.4 contains a heap 
buffer overflow fault in the put
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/232
 CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the 
apply_sao_interna ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/234
 CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the 
_mm_loadl ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/231
 CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_qpel_0_0_fa ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/240
 CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_weighted_bi ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/242
 CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the 
put_qpel_fallb ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/241
 CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_weighted_pr ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/243
 CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the 
de265_image::av ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/235
 CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the 
ff_hevc_put_unw ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/237
 CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the 
mc_chroma funct ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/238
 CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the 
decode_CABAC_ ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/236
 CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma 
functio ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/239
 CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_epel_hv_fal ...)
        - libde265 <unfixed>
        [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
+       [stretch] - libde265 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/strukturag/libde265/issues/233
 CVE-2020-21593
        RESERVED
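
Review bot: All thirteen added [stretch] lines (CVE-2020-21606 down to CVE-2020-21594) are <postponed> with "revisit when fixed upstream", but nothing in the entries records when the upstream issues (#231 to #243) were last checked. A dated NOTE per entry, or one on the first entry covering the batch, in the style dla-needed.txt already uses ("NOTE: 20210829: ..."), would make the revisit trackable. It is also worth stating that the libde265 version in stretch was checked against these functions, since every description names v1.0.4.
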


=====================================
data/dla-needed.txt
=====================================
@@ -99,5 +99,9 @@ smarty3
   NOTE: 20210829: Track regression (abhijith)
   NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's 
reply (abhijith)
 --
+squashfs-tools (Thorsten Alteholz)
+--
 tiff (Utkarsh)
 --
+wordpress
+--
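
Review bot: Both new entries are added without a NOTE, so the file does not say which CVEs put squashfs-tools and wordpress on the list, and wordpress has no claimant. The smarty3 entry just above shows the dated NOTE format; one line each naming the triggering CVE(s) would let whoever picks up wordpress start without searching data/CVE/list.
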



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f6bebaed5a2110aad777d88e5f110c6f7bce1b44...d845a7c9a28017239882859058ffc48ce06ee970
