[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: update liblivemedia entry

Sat, 11 May 2019 02:14:43 -0700 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5a9e1fe by Hugo Lefeuvre at 2019-05-11T09:13:43Z
dla-needed: update liblivemedia entry

- - - - -
7dfd6d15 by Hugo Lefeuvre at 2019-05-11T09:13:44Z
faad2: CVE-2018-2019{7,8} fixed by 2.8.8-2

Both are very similar (not quite duplicates, but still) to
CVE-2018-20362 and CVE-2018-20194. They have been fixed by 2.8.8-2.
See upstream bug reports for more information.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22538,13 +22538,16 @@ CVE-2018-20199 (A NULL pointer dereference was 
discovered in ifilter_bank of lib
        [stretch] - faad2 <no-dsa> (Minor issue)
        NOTE: https://github.com/knik0/faad2/issues/24
 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of 
libfaad/f ...)
-       - faad2 <unfixed> (low)
-       [buster] - faad2 <no-dsa> (Minor issue)
+       - faad2 2.8.8-2 (low)
        [stretch] - faad2 <no-dsa> (Minor issue)
        NOTE: https://github.com/knik0/faad2/issues/23
+       NOTE: same underlying issue as CVE-2018-20362, same fix:
+       NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance 
of the c ...)
-       - faad2 <unfixed>
+       - faad2 2.8.8-2
        NOTE: https://github.com/knik0/faad2/issues/20
+       NOTE: very similar to CVE-2018-20194, same fix:
+       NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20196 (There is a stack-based buffer overflow in the third instance 
of the ca ...)
        - faad2 <unfixed>
        NOTE: https://github.com/knik0/faad2/issues/19


=====================================
data/dla-needed.txt
=====================================
@@ -64,6 +64,8 @@ libav
 liblivemedia (Hugo Lefeuvre)
   NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle
   NOTE: 20190502: not sure upstream was aware of them, contacted them via 
live555 ML.
+  NOTE: 20190511: my message on the ML is (still!) awaiting moderation, so I 
continue
+  NOTE: to doubt that they are aware of these CVEs.
 --
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at 
them.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab05d72796669e1a35ad2a53f03884202b84a26a...7dfd6d15390de8a69225594441f8ed285f48f213

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab05d72796669e1a35ad2a53f03884202b84a26a...7dfd6d15390de8a69225594441f8ed285f48f213
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to