[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

Hi Tobi,

On Sat, Jan 21, 2023 at 06:21:19PM +0100, Tobias Frost wrote:
> On Fri, 04 Feb 2022 13:14:48 +0100 Moritz Muehlenhoff <jmm@debian.org> wrote:
> > Source: libde265
> > Version: 1.0.8-1
> > Severity: grave
> > Tags: security
> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> > 
> > CVE-2020-21602:
> > https://github.com/strukturag/libde265/issues/242
> > 
> > CVE-2020-21600:
> > https://github.com/strukturag/libde265/issues/243
> > 
> > CVE-2020-21598:
> > https://github.com/strukturag/libde265/issues/237
> > 
> 
> I cannot reproduce those three bugs with the pocs in the issues. (using the version currently in sid,
> built with address sanitizer)
> Possibly already fixed… Tagging unreproducible.

if you suspect it's fixed upstream, can reproduce it with upstream's
mentioned affected but not with the newest HEAD, can you try to bisect
those to the fixing commits?

Regards,
Salvatore
Reply to: