Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3764bf7d by Salvatore Bonaccorso at 2023-09-13T14:03:45+02:00
Track fixes which entered unstable from the experimental upload

Note that some of the CVEs in #1033116 are still not fixed and neither
bugs #1036701 and #1034890 status (which were previously reopened but
without any feedback yet, and now re-closed with the unstable upload,
but no changes related to those).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23302,7 +23302,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive 
Information vulnerability in
        NOT-FOR-US: ForgeRock
 CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.4 ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1034187)
+       - gpac 2.2.1+dfsg1-2 (bug #1034187)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
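Review bot: The changed line for CVE-2023-1655 records 2.2.1+dfsg1-2 as the fixed version, yet the description reads "prior to 2.4" and the only reference in view is the huntr.dev NOTE. Add a NOTE naming the upstream fixing commit and the release tag that carries it, so the claim that a 2.2.1 package contains the fix can be checked from the entry itself.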
@@ -23311,7 +23311,7 @@ CVE-2023-1655 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
 CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 
2.4.0.)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1034187)
+       - gpac 2.2.1+dfsg1-2 (bug #1034187)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
        NOTE: 
https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
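Review bot: On CVE-2023-1654 the commit NOTE for 2c055153d401b8c49422971e3a0159869652d3da has no release annotation, and the description says "prior to 2.4.0", so nothing in the entry shows that the 2.2.1+dfsg1-2 upload includes that commit. Append the upstream tag to the NOTE, in the "(v2.2.1)" style already used on other gpac entries in this file.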
@@ -24764,7 +24764,7 @@ CVE-2023-1453 (A vulnerability was found in Watchdog 
Anti-Virus 1.4.214.0. It ha
 CVE-2023-1452 (A vulnerability was found in GPAC 
2.3-DEV-rev35-gbbca86917-master. It  ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1034187)
+       - gpac 2.2.1+dfsg1-2 (bug #1034187)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2386
        NOTE: 
https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
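Review bot: CVE-2023-1452 was reported against 2.3-DEV-rev35-gbbca86917-master and its fixing commit a5efec8187de02d1f0a412140b0bf030a6747d3f is listed without a release tag, so the new 2.2.1+dfsg1-2 version rests on a backport the entry does not document. Record which 2.2.x release picked the commit up, as a suffix on the existing commit NOTE.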
@@ -24776,7 +24776,7 @@ CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 
and classified as proble
 CVE-2023-1449 (A vulnerability has been found in GPAC 
2.3-DEV-rev35-gbbca86917-master ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1034187)
+       - gpac 2.2.1+dfsg1-2 (bug #1034187)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2387
        NOTE: 
https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
@@ -24784,7 +24784,7 @@ CVE-2023-1449 (A vulnerability has been found in GPAC 
2.3-DEV-rev35-gbbca86917-m
 CVE-2023-1448 (A vulnerability, which was classified as problematic, was found 
in GPA ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1034187)
+       - gpac 2.2.1+dfsg1-2 (bug #1034187)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2388
        NOTE: 
https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463
@@ -32435,7 +32435,7 @@ CVE-2023-0867 (Multiple stored and reflected cross-site 
scripting vulnerabilitie
 CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.3 ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
        NOTE: 
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
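Review bot: The commit message states that some CVEs filed under #1033116 are still not fixed, but the changed line for CVE-2023-0866 gives no indication of how this one was confirmed as fixed in 2.2.1+dfsg1-2. A release tag on the b964fe4226f1424cf676d5822ef898b6b01f5937 NOTE would make the split between fixed and still-open #1033116 entries auditable from the list alone.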
@@ -32883,7 +32883,7 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress 
plugin before 1.6.7 does n
 CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to v2. ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
        NOTE: 
https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
@@ -32891,14 +32891,14 @@ CVE-2023-0819 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
 CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to 
v2.3.0-DEV.)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
        NOTE: 
https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
        NOTE: 
https://github.com/gpac/gpac/commit/cbbc4d343149c07896c4a3bed28849c576510b6c 
(v2.2.1)
 CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to 
v2.3.0-DEV.)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
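Review bot: Of the two commit NOTEs on CVE-2023-0818 only cbbc4d343149c07896c4a3bed28849c576510b6c is annotated "(v2.2.1)"; 377ab25f3e502db2934a9cf4b54739e1c89a02ff has no tag, and CVE-2023-0817 below it shows only a huntr.dev link next to its new fixed version. Annotate the first commit, and add a fixing-commit NOTE for CVE-2023-0817 if one is known, so both entries justify 2.2.1+dfsg1-2 the same way.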
@@ -45728,41 +45728,41 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to 
Buffer Overflow in ff_hevc_put_h
 CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer 
overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2360
        NOTE: 
https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d 
(v2.2.0)
 CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault 
(/stack over ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2359
        NOTE: 
https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b 
(v2.2.0)
 CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer 
Overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2358
        NOTE: 
https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 
(v2.2.0)
 CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer 
overflow in is ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2357
        NOTE: 
https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 
(v2.2.0)
 CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer 
Overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2354
        NOTE: 
https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 
(v2.2.0)
 CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer 
overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2356
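Review bot: CVE-2022-47658, the last entry of this hunk, moves to fixed in 2.2.1+dfsg1-2 with only issue #2356 referenced in view, while the five entries above it each name a commit tagged (v2.2.0). If a fixing commit exists for #2356, add it as a NOTE with its tag; otherwise state in a NOTE what the fixed version is based on.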
@@ -45770,13 +45770,13 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 
is vulnerable to buffer ov
 CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer 
overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2355
        NOTE: 
https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 
(v2.2.0)
 CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2353
@@ -45788,14 +45788,14 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to 
Buffer Overflow in function void
        NOTE: https://github.com/strukturag/libde265/pull/376
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2350
        NOTE: 
https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 
(v2.2.0)
 CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2349
@@ -48744,27 +48744,27 @@ CVE-2022-47096
 CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer 
overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2346
        NOTE: 
https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c 
(v2.2.0)
 CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null 
pointer de ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2345
        NOTE: 
https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 
(v2.2.0)
 CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap 
use-after- ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2344
        NOTE: 
https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e 
(v2.2.0)
 CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer 
overflow  ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2347
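Review bot: CVE-2022-47093 keeps "[bullseye] - gpac <no-dsa> (Minor issue)" for a heap use-after-free whose fix 706111f4d8babf0cda9fac5f3ca4e89983274d6e is tagged (v2.2.0), while the neighbouring CVE-2022-47095 and CVE-2022-47094 carry {DSA-5411-1}. With the unstable line now closed, it is worth rechecking whether the bullseye triage for this entry still holds or whether the commit should be queued for a stable update.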
@@ -48772,7 +48772,7 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b 
is contains an Integer ove
 CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer 
Overflow ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2343
        NOTE: 
https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f 
(v2.2.0)
@@ -48780,21 +48780,21 @@ CVE-2022-47090
        RESERVED
 CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2338
        NOTE: 
https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 
(v2.2.0)
 CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2340
        NOTE: 
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d 
(v2.2.0)
 CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in 
gf_vvc_ ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2339
@@ -48802,7 +48802,7 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b 
has a Buffer overflow in g
 CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation 
violati ...)
        {DSA-5411-1}
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2337
        NOTE: 
https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 
(v2.2.0)
@@ -50566,14 +50566,14 @@ CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) 
vulnerability in the Add Adm
        NOT-FOR-US: nbnbk
 CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered 
to contai ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2327
        NOTE: 
https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 
(v2.2.0)
 CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered 
to contai ...)
        [experimental] - gpac 2.2.1+dfsg1-1
-       - gpac <unfixed> (bug #1033116)
+       - gpac 2.2.1+dfsg1-2 (bug #1033116)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2328
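Review bot: CVE-2022-46489 is marked fixed with only issue #2328 in view, whereas CVE-2022-46490 directly above cites 8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0). Both stay "<ignored>" for bullseye, so the upstream reference is the only way to verify the fix later; add the matching commit NOTE here as well.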



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3764bf7db3fdb3c3276748c76fef7f9bdd667205
