Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

3764bf7d by Salvatore Bonaccorso at 2023-09-13T14:03:45+02:00

Track fixes which entered unstable from the experimental upload

Note that some of the CVEs in #1033116 are still not fixed and neither bugs #1036701 and #1034890 status (which were previously reopened but without any feedback yet, and now re-closed with the unstable upload, but no changes related to those).

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list ===================================== @@ -23302,7 +23302,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in NOT-FOR-US: ForgeRock CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1034187) + - gpac 2.2.1+dfsg1-2 (bug #1034187) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 @@ -23311,7 +23311,7 @@ CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1034187) + - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14 NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da 
@@ -24764,7 +24764,7 @@ CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It ha CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1034187) + - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2386 NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f @@ -24776,7 +24776,7 @@ CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as proble CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1034187) + - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2387 NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9 @@ -24784,7 +24784,7 @@ CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-m CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1034187) + - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2388 NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463 
@@ -32435,7 +32435,7 @@ CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilitie CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937 @@ -32883,7 +32883,7 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does n CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f 
@@ -32891,14 +32891,14 @@ CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff NOTE: https://github.com/gpac/gpac/commit/cbbc4d343149c07896c4a3bed28849c576510b6c (v2.2.1) CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3 
@@ -45728,41 +45728,41 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2360 NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0) CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2359 NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0) CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2358 NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0) CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2357 NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0) CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...) 
{DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2354 NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0) CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2356 @@ -45770,13 +45770,13 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2355 NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0) CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2353 
@@ -45788,14 +45788,14 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void NOTE: https://github.com/strukturag/libde265/pull/376 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2350 NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0) CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2349 
@@ -48744,27 +48744,27 @@ CVE-2022-47096 CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2346 NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0) CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2345 NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0) CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2344 NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0) CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2347 
@@ -48772,7 +48772,7 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2343 NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0) @@ -48780,21 +48780,21 @@ CVE-2022-47090 RESERVED CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2338 NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0) CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2340 NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0) CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2339 
@@ -48802,7 +48802,7 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2337 NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0) @@ -50566,14 +50566,14 @@ CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Adm NOT-FOR-US: nbnbk CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2327 NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0) CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) [experimental] - gpac 2.2.1+dfsg1-1 - - gpac <unfixed> (bug #1033116) + - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2328
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3764bf7db3fdb3c3276748c76fef7f9bdd667205
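
Review bot: in the bug #1034187 hunks, the upstream commit NOTE lines for CVE-2023-1654, CVE-2023-1452, CVE-2023-1449 and CVE-2023-1448 carry no release annotation, unlike the "(v2.2.0)" and "(v2.2.1)" tags on the entries further down, and the CVE-2023-1654 description reads "prior to 2.4.0". Since the unstable line now records 2.2.1+dfsg1-2 as the fixed version, a short NOTE on each of these entries saying where the referenced commit is contained in that upload (upstream tree or a packaged patch) would let later triage confirm the fixed version without re-reading the source package.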
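
Review bot: the commit message says some CVEs in #1033116 are still not fixed, but every "- gpac <unfixed> (bug #1033116)" line visible in these hunks, from CVE-2023-0866 down to CVE-2022-46489, is changed to "- gpac 2.2.1+dfsg1-2 (bug #1033116)". The diff does not show which CVE ids remain open. Naming them in the commit message, or stating that none of the entries touched here are among them, would make it possible to verify that no entry is marked fixed ahead of the actual fix.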