[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-4520{2,4} (gpac) as end-of-life

Thu, 01 Dec 2022 14:01:33 -0800 


Anton Gladky pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
addabc15 by Anton Gladky at 2022-12-01T22:44:19+01:00
Mark CVE-2022-4520{2,4} (gpac) as end-of-life

- - - - -
bf924387 by Anton Gladky at 2022-12-01T23:00:50+01:00
LTS: add vlc to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3400,6 +3400,7 @@ CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to 
contain a SQL injection vuln
        NOT-FOR-US: Jeecg-boot
 CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to 
contain a mem ...)
        - gpac <unfixed>
+       [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2307
        NOTE: Introduced by: 
https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
        NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f
@@ -3408,6 +3409,7 @@ CVE-2022-45203
        RESERVED
 CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to 
contain a sta ...)
        - gpac <unfixed>
+       [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2296
        NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
        NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da


=====================================
data/dla-needed.txt
=====================================
@@ -349,6 +349,12 @@ vim
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
+vlc
+  NOTE: 20221201: Programming language: C.
+  NOTE: 20221201: VCS: https://salsa.debian.org/lts-team/packages/vlc.git
+  NOTE: 20221201: Please try to find a real patch for CVE-2022-41325 (gladk).
+  NOTE: 20221201: Backporting of a new version would be not the best idea. 
(gladk).
+--
 xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58a84f5ccca8fdf907d2ec4a6de0882a14033c9f...bf92438714cc73a1ee0a63b7ac891069f0b7181d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58a84f5ccca8fdf907d2ec4a6de0882a14033c9f...bf92438714cc73a1ee0a63b7ac891069f0b7181d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to