Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

To: 1004963@bugs.debian.org
Subject: Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602
From: Tobias Frost <tobi@sviech.de>
Date: Sat, 21 Jan 2023 18:21:19 +0100
Message-id: <[🔎] 7eab0f25cda1b5942a2aeab7966c23f2a74e4a34.camel@sviech.de>
Reply-to: Tobias Frost <tobi@sviech.de>, 1004963@bugs.debian.org
In-reply-to: <164397688816.47208.8162297395783436336.reportbug@hullmann.westfalen.local>
References: <164397688816.47208.8162297395783436336.reportbug@hullmann.westfalen.local> <164397688816.47208.8162297395783436336.reportbug@hullmann.westfalen.local>

On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff <jmm@debian.org> wrote:
> Source: libde265
> Version: 1.0.8-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> 
> CVE-2020-21602:
> https://github.com/strukturag/libde265/issues/242
> 
> CVE-2020-21600:
> https://github.com/strukturag/libde265/issues/243
> 
> CVE-2020-21598:
> https://github.com/strukturag/libde265/issues/237
> 

I cannot reproduce those three bugs with the pocs in the issues. (using the version currently in sid,
built with address sanitizer)
Possibly already fixed… Tagging unreproducible.

-- 
tobi

Reply to:

Follow-Ups:
- Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602
  - From: Tobias Frost <tobi@debian.org>

Prev by Date: Processed: cloning 1027179, retitle -1 to libde265: CVE-2022-43245 CVE-2022-43249 ...
Next by Date: Processed: tagging 1004963
Previous by thread: Processed: cloning 1027179, retitle -1 to libde265: CVE-2022-43245 CVE-2022-43249 ...
Next by thread: Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602
Index(es):
- Date
- Thread