LTS
Released DLAs
- DLA-2812-1 botan1.10_1.10.17-1+deb9u1
  - CVE-2017-14737: A local or cross-VM attacker may be able to recover bits of secret exponents as used in RSA, DH, etc. with the help of cache analysis.
- DLA-2818-1 ffmpeg_3.2.16-1+deb9u1
  - CVE-2021-38291: An assertion failure at src/libavutil/mathematics.c, causing ffmpeg to abort, is detected. In some extreme cases, like with adpcm_ms samples with an extremely high channel count, get_audio_frame_duration() may return a negative frame duration value.
  - CVE-2021-38171: adts_decode_extradata in libavformat/adtsenc.c does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
  - CVE-2020-22054: A Denial of Service vulnerability due to a memory leak in the av_dict_set function in dict.c.
  - CVE-2020-22049: A Denial of Service vulnerability due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
  - CVE-2020-22048: A Denial of Service vulnerability due to a memory leak in the ff_frame_pool_get function in framepool.c.
  - CVE-2020-22046: A Denial of Service vulnerability due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
  - CVE-2020-22044: A Denial of Service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
  - CVE-2020-22041: A Denial of Service vulnerability due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.
  - CVE-2020-22037: A Denial of Service vulnerability due to a memory leak in avcodec_alloc_context3 at options.c.
  - CVE-2020-20453: Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service.
  - CVE-2020-20451: Denial of Service issue due to resource management errors via fftools/cmdutils.c.
  - CVE-2020-20446: Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
  - CVE-2020-20445: Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
Other LTS-related work
- FD-duties:
  - Added icinga2, kodi, mbedtls, ckeditor, wordpress, gerbv
  - Initiated discussion about redefining FD-role and fair FD-slots dispatch
- Mark following CVEs as for Stretch:
  - CVE-2021-38090 - ffmpeg
  - CVE-2021-38091 - ffmpeg
  - CVE-2021-38092 - ffmpeg
  - CVE-2021-38093 - ffmpeg
  - CVE-2021-38094 - ffmpeg
  - CVE-2020-22056 - ffmpeg
  - CVE-2020-22038 - ffmpeg
  - CVE-2020-20898 - ffmpeg
  - CVE-2020-20448 - ffmpeg
- Mark following CVEs as for Stretch:
  - CVE-2020-22042 - ffmpeg
  - CVE-2020-22040 - ffmpeg
  - CVE-2020-22039 - ffmpeg
LTS-Meeting
I participated in the Debian LTS team IRC-meeting this month, but not from the beginning due to a time shift…
Debian Science Team
- Requested CVE-2021-43618 for the gmp package
- filed
  - #1000539 to remove boost1.71 from the archive.
- uploaded
  - gmsh_4.8.4+ds1-2, gmsh_4.8.4+ds2-1, fixing #995424, #948773
  - wslay_1.1.1-3, fixing #997384
  - minieigen_0.50.3+dfsg1-13, fixing #997061, #997422
  - sfepy_2020.4-2, fixing #997436
  - lammps_20210122~gita77bb+ds1-3, fixing #997418
  - yade_2021.11~git~6f71ebd-1, fixing #984421
  - lammps_20210122~gita77bb+ds1-4, fixing FTBFS
  - gmp_6.2.1+dfsg-3, fixing #994405, CVE-2021-43618
  - gmp_6.1.2+dfsg-4+deb10u1, (filed #1000473 for approval), CVE-2021-43618
  - gmp_6.2.1+dfsg-1+deb11u1, (filed #1000477 for approval), CVE-2021-43618
  - alglib_3.18.0-1~exp1
  - eigen3_3.4.0-1~exp1
  - boost1.74_1.74.0-13, fixing #999778, #999853
  - eigen3_3.4.0-1
  - dyssol_1.0~alpha1-20211119.gitd7bc300-1
  - vtk9_9.1.0+dfsg1-1
  - vtk9_9.1.0+dfsg2-1, fixing #1000501, #996257, #998470
  - vtk9_9.1.0+dfsg2-2
  - vtk9_9.1.0+really9.0.3+dfsg1-3, fixing #1000611
  - vtk9_9.1.0+really9.0.3+dfsg1-4, fixing #1000746
- Reviewed and uploaded
  - ignition-utils_1.1.0+ds-2
  - opm-common_2021.10-1
  - opm-material_2021.10-1
  - opm-grid_2021.10-1
  - opm-models_2021.10-1
  - opm-upscaling_2021.10-1
  - opm-simulators_2021.10-1
Other FLOSS activities
- Some activities in the Yade project.