From 6e5e34d35bb84b8d218f5a10eab10ccbaa4e1517 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 27 Jul 2021 10:54:55 +0200
Subject: "new" vlc issues

---
 data/CVE/list | 12 ++++++++----
 data/DSA/list |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 016bdb9ba6..1464b1ed74 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28361,13 +28361,17 @@ CVE-2021-25806
 CVE-2021-25805
 	RESERVED
 CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...)
-	TODO: check
+	- vlc 3.0.12-1
+	NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12)
 CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...)
-	TODO: check
+	- vlc 3.0.12-1
+	NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
 CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...)
-	TODO: check
+	- vlc 3.0.12-1
+	NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12)
 CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...)
-	TODO: check
+	- vlc 3.0.12-1
+	NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
 CVE-2021-25800
 	RESERVED
 CVE-2021-25799
diff --git a/data/DSA/list b/data/DSA/list
index 88c2ad491d..b31689613d 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -331,7 +331,7 @@
 	{CVE-2020-13943 CVE-2020-17527}
 	[buster] - tomcat9 9.0.31-1~deb10u3
 [22 Jan 2021] DSA-4834-1 vlc - security update
-	{CVE-2020-26664}
+	{CVE-2020-26664 CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804}
 	[buster] - vlc 3.0.12-0+deb10u1
 [18 Jan 2021] DSA-4833-1 gst-plugins-bad1.0 - security update
 	{CVE-2021-3185}
-- 
cgit v1.2.3