Bug#1021013: re-evaluate severity of 1021013

To: 1021013@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#1021013: re-evaluate severity of 1021013
From: Lorenzo <plorenzo@disroot.org>
Date: Wed, 8 Feb 2023 15:02:31 +0100
Message-id: <[🔎] 20230208150231.31252d86@lorenz.fritz.box>
Reply-to: Lorenzo <plorenzo@disroot.org>, 1021013@bugs.debian.org
References: <YzcBA7brSaM3JjM3@pisco.westfalen.local>

Dear Security Team,

CVE-2022-38600, CVE-2022-38864, CVE-2022-38861 are fixed in unstable;

also, according to upstream[1] CVE-2022-38856 seems to be fixed too,
although the exact commit that contains the fix is not identified.

as for CVE-2022-38862 it can't be reproduced upstream [2] and is
possibly caused by a buggy compiler of the reporter.

I think this bug can be downgraded to non RC severity (perhaps
important or normal?) until further info comes out. What is your
opinion?

Regards,
Lorenzo


[1] https://trac.mplayerhq.hu/ticket/2395
[2] https://trac.mplayerhq.hu/ticket/2404

Reply to:

Prev by Date: Processed: Re: sox: test failure on some mips64el machines
Next by Date: Bug#1021013: marked as done (mplayer: CVE-2022-38600 CVE-2022-38856 CVE-2022-38861 CVE-2022-38862 CVE-2022-38864)
Previous by thread: Processed: 939032 is fixed in unstable
Next by thread: Bug#1021013: marked as done (mplayer: CVE-2022-38600 CVE-2022-38856 CVE-2022-38861 CVE-2022-38862 CVE-2022-38864)
Index(es):
- Date
- Thread