Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6866b2d1 by Moritz Muehlenhoff at 2022-07-22T23:39:21+02:00
new gstreamer issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6347,7 +6347,9 @@ CVE-2022-26084
CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to
CSRF whi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib
decompression. In ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer
derefer ...)
- dcmtk <unfixed> (bug #1014044)
[bullseye] - dcmtk <no-dsa> (Minor issue)
@@ -11764,17 +11766,29 @@ CVE-2022-31765
CVE-2022-31764
RESERVED
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using
HEADERSTRIP decom ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo
decompression ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip
decompressio ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib
decompressio ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert
function ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0
CVE-2022-1920 (Integer overflow in matroskademux element in
gst_matroska_demux_add_wv ...)
- TODO: check
+ - gst-plugins-good1.0 <unfixed>
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
+ NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d
CVE-2022-1919
RESERVED
- firefox 101.0-1
=====================================
data/dsa-needed.txt
=====================================
@@ -22,6 +22,8 @@ freecad (aron)
--
gsasl (jmm)
--
+gst-plugins-good1.0
+--
jetty
--
kicad (jmm)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6866b2d1c21d3f98cfc9c26aa60b1a1d7192758f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6866b2d1c21d3f98cfc9c26aa60b1a1d7192758f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
