Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602



On 21 January 2023 18:14:28 UTC, Salvatore Bonaccorso <carnil@debian.org> wrote:
>Hi Tobi,
>
>On Sat, Jan 21, 2023 at 06:21:19PM +0100, Tobias Frost wrote:
>> On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff <jmm@debian.org> wrote:
>> > Source: libde265
>> > Version: 1.0.8-1
>> > Severity: grave
>> > Tags: security
>> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>> > 
>> > CVE-2020-21602:
>> > https://github.com/strukturag/libde265/issues/242
>> > 
>> > CVE-2020-21600:
>> > https://github.com/strukturag/libde265/issues/243
>> > 
>> > CVE-2020-21598:
>> > https://github.com/strukturag/libde265/issues/237
>> > 
>> 
>> I cannot reproduce those three bugs with the pocs in the issues. (using the version currently in sid,
>> built with address sanitizer)
>> Possibly already fixed… Tagging unreproducible.
>
>if you suspect it's fixed upstream, can reproduce it with upstream's
>mentioned affected but not with the newest HEAD, can you try to bisect
>those to the fixing commits?
>
>Regards,
>Salvatore

Yes, that's my plan - also for the ones in the other bugs (just ran out of time for today)

