Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: d5a9e1fe by Hugo Lefeuvre at 2019-05-11T09:13:43Z dla-needed: update liblivemedia entry - - - - - 7dfd6d15 by Hugo Lefeuvre at 2019-05-11T09:13:44Z faad2: CVE-2018-2019{7,8} fixed by 2.8.8-2 Both are very similar (not quite duplicates, but still) to CVE-2018-20362 and CVE-2018-20194. They have been fixed by 2.8.8-2. See upstream bug reports for more information. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -22538,13 +22538,16 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/24 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...) - - faad2 <unfixed> (low) - [buster] - faad2 <no-dsa> (Minor issue) + - faad2 2.8.8-2 (low) [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/23 + NOTE: same underlying issue as CVE-2018-20362, same fix: + NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...) - - faad2 <unfixed> + - faad2 2.8.8-2 NOTE: https://github.com/knik0/faad2/issues/20 + NOTE: very similar to CVE-2018-20194, same fix: + NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...) - faad2 <unfixed> NOTE: https://github.com/knik0/faad2/issues/19 ===================================== data/dla-needed.txt ===================================== 
@@ -64,6 +64,8 @@ libav liblivemedia (Hugo Lefeuvre) NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle NOTE: 20190502: not sure upstream was aware of them, contacted them via live555 ML. + NOTE: 20190511: my message on the ML is (still!) awaiting moderation, so I continue + NOTE: to doubt that they are aware of these CVEs. -- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ab05d72796669e1a35ad2a53f03884202b84a26a...7dfd6d15390de8a69225594441f8ed285f48f213
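Review bot: In the data/CVE/list hunk, CVE-2018-20196 is left at "- faad2 <unfixed>" with no explanation, although its sibling CVE-2018-20197 (same "third instance" wording, adjacent upstream issues 19 and 20) is now marked fixed in 2.8.8-2. Please check whether commit 6b4a7cde30f2e2c also covers it, and either update that entry or add a NOTE saying why it stays open. CVE-2018-20199 deserves the same check, since its description (NULL pointer dereference in ifilter_bank) matches CVE-2018-20198. As a style point, the two new commit URLs use abbreviated hashes; the full hash is the more durable reference in a long-lived tracker file.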
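Review bot: In the data/dla-needed.txt hunk, the new 20190511 NOTE for liblivemedia is written in the first person ("my message", "I continue") but carries no initials, unlike the 20190416 line that ends in "- hle". Adding the same suffix keeps the note attributable if the entry is later taken over by someone else. It would also help to record the next step planned if the mailing-list message never clears moderation, so the entry does not stall on "wait for upstream patch".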
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits