Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88948df1 by Salvatore Bonaccorso at 2022-09-16T21:08:53+02:00
Process some more mplayer related CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4399,23 +4399,36 @@ CVE-2022-38860 (Certain The MPlayer Project products
are vulnerable to Divide By
CVE-2022-38859
RESERVED
CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2396
+ NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca
(r38385)
CVE-2022-38857
RESERVED
CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2395
+ TODO: Fixed by other fixes, but not pin pointed upstream, try to
isolate revision to fix issue
CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2392
+ NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7
(r38384)
CVE-2022-38854
RESERVED
CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer
Overflow ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2398
+ NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e
(r38380)
+ NOTE: Followup:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8
(r38392)
CVE-2022-38852
RESERVED
CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to
Out-of-bounds R ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2393
+ NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935
(r38382)
CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable
to Divide ...)
- TODO: check
+ - mplayer <unfixed>
+ NOTE: https://trac.mplayerhq.hu/ticket/2399
+ NOTE:
https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b
(r38390)
CVE-2022-38849
RESERVED
CVE-2022-38848
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88948df1df3aec9bac2a5e5196b239d2f63cf3e8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88948df1df3aec9bac2a5e5196b239d2f63cf3e8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
