Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2024-38949[0]:
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows
| attackers to crash the application via crafted payload to
On Thu, Jun 20, 2024 at 01:46:41PM +0300, Adrian Bunk wrote:
> Hi,
>
> attached are debdiffs for CVE-2024-5197/libvpx if this should be a DSA.
DSA has been released, thanks!
Cheers,
Moritz
On Thu, Jun 20, 2024 at 01:46:41PM +0300, Adrian Bunk wrote:
> Hi,
>
> attached are debdiffs for CVE-2024-5197/libvpx if this should be a DSA.
>
> Alternatively, I could also make pu requests instead.
Thanks, these look good. We can release these via -security, please
upload to security-master.
Hi Michael,
thanks for looking into this!
michael spreng wrote:
> The above mentioned patch to ffmpeg changes ffmpeg to remember the pts. But
> handbrake can remember the pts just as well. So see the attached patch which
> does exactly that: if the subtitle is incomplete, it saves the pts to the
>
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2023-49465[0]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the derive_spatial_luma_vector_predi
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libheif.
CVE-2023-49460[0]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function UncompressedImageCodec::decode_uncomp
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2022-33064[0]:
| An off-by-one error in function wav_read_header in src/wav.c in
| Libsndfile 1.1.0, results in a write out of bound, whi
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2022-33065[0]:
| Multiple signed integers overflow in function au_read_header in
| src/au.c and in functions mat4_open and mat4_read_head
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.
https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb0207
Source: oggvideotools
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for oggvideotools.
CVE-2020-21722[0]:
| Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote
| attackers to run arbitrary code via openin
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-26590[0]:
| A floating point exception vulnerability was found in sox, in the
| lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw ca
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-32627[0]:
| A floating point exception vulnerability was found in sox, in the
| read_samples function at sox/src/voc.c:334:18. This flaw can lead
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-34318[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| startread function at sox/src/hcom.c:160:41. This flaw can lead to a
|
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2023-34432[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can
| lead to
Source: kodi
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for kodi.
CVE-2023-30207[0]:
| A divide by zero issue discovered in Kodi Home Theater Software 19.5
| and earlier allows attackers to cause a denial of service via us
On Tue, Jun 20, 2023 at 06:06:26PM +, Debian FTP Masters wrote:
> Source: gpac
> Source-Version: 2.2.1+dfsg1-1
> Done: Reinhard Tartler
> Changes:
> gpac (2.2.1+dfsg1-1) experimental; urgency=medium
> .
> * New upstream version,
> closes: #1033116, #1034732, #1034187, #1036701, #103
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-2837[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.
https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e
Source: dav1d
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dav1d.
CVE-2023-32570[0]:
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that
| can lead to an application crash, related to dav1d_decode_fr
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gpac.
CVE-2023-0841[0]:
| A vulnerability, which was classified as critical, has been found in
| GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function
|
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-1448[1]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the functi
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2023-27102[0]:
| Libde265 v1.0.11 was discovered to contain a segmentation violation
| via the function decoder_context::process_slice_seg
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.
https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861ab
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libheif.
CVE-2023-0996[0]:
| There is a vulnerability in the strided image data parsing code in the
| emscripten wrapper for libheif. An attacker could exploit
Source: opusfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for opusfile.
CVE-2022-47021[0]:
| A null pointer dereference issue was discovered in functions
| op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 t
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43235[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse i
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in s
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sox.
CVE-2022-39236[0]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Starting with version 17.1.0-rc.1, improperly formed beacon eve
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-33844[0]:
| A floating point exception (divide-by-zero) issue was discovered in
| SoX in function startread() of wav.c file. An attacker with a crafte
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-23172[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function startread() in hcom.c file. The vulnerability is
|
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sox.
CVE-2021-23159[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function lsx_read_w_buf() in formats_i.c file. The vulnerab
Source: mplayer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mplayer.
CVE-2022-38600[0]:
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and
| vf_vo.c.
https://trac.mplayerhq.hu/ticket/2390#comment:2
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-38530[0]:
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a
| stack overflow when processing ISOM_IOD.
https://github.com
severity 1016986 normal
reassign 1016986 ftp.debian.org
retitle 1016986 RM: pd-py -- RoM; depends on Python 2
thanks
> Your package came up as a candidate for removal from Debian:
> - Still depends on Python 2, which is finally being removed in Bookworm
> - Last upload in 2018
>
> If you disagree
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-29339[0]:
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in
| utils/bitstream.c has a failed assertion, which causes a Denial of
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gpac.
CVE-2022-2549[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| v2.1.0-DEV.
https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d
Source: wavpack
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for wavpack.
CVE-2022-2476[0]:
| A null pointer dereference bug was found in wavpack-5.4.0 The results
| from the ASAN log: AddressSanitizer:DEADLYSIGNAL ==
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-2453[0]:
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
h
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2020-21594[0]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_epel_hv_fallback function, which can be exploited via a craf
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2022-1253[0]:
| Heap-based Buffer Overflow in GitHub repository strukturag/libde265
| prior to and including 1.0.8. The fix is established in
Source: faust
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for faust.
CVE-2021-41736[0]:
| Faust v2.35.0 was discovered to contain a heap-buffer overflow in the
| function realPropagate() at propagate.cpp.
https://github
Source: libgig
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libgig.
CVE-2021-32294[0]:
| An issue was discovered in libgig through 20200507. A heap-buffer-
| overflow exists in the function RIFF::List::GetSubList loca
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2021-4156[0]:
| An out-of-bounds read flaw was found in libsndfile's FLAC codec
| functionality. An attacker who is able to submit a spec
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libheif.
CVE-2020-23109[0]:
| Buffer overflow vulnerability in function convert_colorspace in
| heif_colorconversion.cc in libheif v1.6.2, allows attackers
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for sox.
CVE-2022-31650[0]:
| In SoX 14.4.2, there is a floating-point exception in
| lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651[1]:
| In SoX 14.4.2,
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libsndfile.
CVE-2021-3246[0]:
| A heap buffer overflow vulnerability in msadpcm_decode_block of
| libsndfile 1.0.30 allows attackers to execute arbitrary cod
On Tue, Sep 03, 2019 at 06:50:02AM -0400, Scott Kitterman wrote:
> On Fri, 30 Aug 2019 07:23:42 + Matthias Klose wrote:
> > Package: src:libkate
> > Version: 0.4.1-9
> > Severity: normal
> > Tags: sid bullseye
> > User: debian-pyt...@lists.debian.org
> > Usertags: py2removal
> >
> > Python2 b
On Sun, Oct 14, 2018 at 03:16:27AM +0200, Javier Serrano Polo wrote:
> On Fri, 23 Mar 2018 18:23:51 +0800 Boyuan Yang <073p...@gmail.com>
> wrote:
> > lmms 1.2.0 is on its way.
>
> I will not package a candidate version unless this bug becomes serious.
> Efforts should be directed in helping upstr
On Sat, Jul 27, 2019 at 03:27:34PM -0300, Jonas Smedegaard wrote:
> Quoting James Cowgill (2019-07-27 12:48:23)
> > Hi,
> >
> > On 27/07/2019 15:52, Jonas Smedegaard wrote:
> > > Quoting James Cowgill (2019-07-27 11:12:00)
> > >> Hi,
> > >>
> > >>> ffmpeg currently links with libcrystalhd3.
> > >>
On Mon, Apr 08, 2019 at 08:31:43PM +0200, Moritz Muehlenhoff wrote:
> Package: ffmpeg
> Version: 7:4.1.1-1
> Severity: important
> Tags: security
>
> https://security-tracker.debian.org/tracker/CVE-2019-9718
> https://security-tracker.debian.org/tracker/CVE-2019-9721
>
> Both are fixed in the 4.1.3
On Tue, Apr 02, 2019 at 10:40:44PM -0400, Reinhard Tartler wrote:
> Ah, that's great news. I didn't realize that Moritz backported the
> security fixes to an earlier upstream version. I managed to locate the
> git commits but wasn't comfortable with backporting them to version 0.5.2,
> not all of t
On Tue, Mar 12, 2019 at 10:45:31PM +0100, jmm wrote:
> On Sun, Feb 10, 2019 at 07:48:12PM +0100, Moritz Muehlenhoff wrote:
> > Source: gpac
> > Severity: grave
> > Tags: security
>
> There's a 0.7.1 in NEW, but that won't be in time for buster, could you
> please upload a targeted fix for the open
On Sun, Feb 10, 2019 at 07:48:12PM +0100, Moritz Muehlenhoff wrote:
> Source: gpac
> Severity: grave
> Tags: security
There's a 0.7.1 in NEW, but that won't be in time for buster, could you
please upload a targeted fix for the open issues for 0.5?
https://security-tracker.debian.org/tracker/sourc
On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote:
> Control: found -1 2016.11.28-1
>
> On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote:
> > Source: liblivemedia
> > Severity: grave
> > Tags: security
> >
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256
On Mon, Oct 22, 2018 at 09:44:27AM +0100, James Cowgill wrote:
> Source: libopenmpt
> Version: 0.2.7025~beta20.1-1
> Severity: important
> Tags: security upstream fixed-upstream
>
> Hi,
>
> Upstream 0.3.13 released a fix for an out of bound read in malformed MED
> files. It affects stretch.
Does