Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · 7dfd6d15 · 7dfd6d15
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22538,13 +22538,16 @@ CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of lib
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/24
 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
-	- faad2 <unfixed> (low)
-	[buster] - faad2 <no-dsa> (Minor issue)
+	- faad2 2.8.8-2 (low)
 	[stretch] - faad2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/knik0/faad2/issues/23
+	NOTE: same underlying issue as CVE-2018-20362, same fix:
+	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
 CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
-	- faad2 <unfixed>
+	- faad2 2.8.8-2
 	NOTE: https://github.com/knik0/faad2/issues/20
+	NOTE: very similar to CVE-2018-20194, same fix:
+	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
 	- faad2 <unfixed>
 	NOTE: https://github.com/knik0/faad2/issues/19
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -64,6 +64,8 @@ libav
 liblivemedia (Hugo Lefeuvre)
  NOTE: 20190416: CVE-2019-773{2,3}: wait for upstream patch - hle
  NOTE: 20190502: not sure upstream was aware of them, contacted them via live555 ML.
+  NOTE: 20190511: my message on the ML is (still!) awaiting moderation, so I continue
+  NOTE: to doubt that they are aware of these CVEs.
 --
 libmatio (Adrian Bunk)
  NOTE: fairly high number of open issues. Not sure why we never had a look at them.