Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed9e320d by Sylvain Beucler at 2024-08-16T10:42:31+02:00
gpac: EOL in bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14482,11 +14482,13 @@ CVE-2024-6065 (A vulnerability was found in 
itsourcecode Bakery Online Ordering
        NOT-FOR-US: itsourcecode Bakery Online Ordering System
 CVE-2024-6064 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master. It ...)
        - gpac <removed> (bug #1074414)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2874
        NOTE: 
https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5
 CVE-2024-6063 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master. It ...)
        - gpac <removed> (bug #1074414)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2873
        NOTE: 
https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5
@@ -14536,11 +14538,13 @@ CVE-2023-37057 (An issue in JLINK Unionman Technology 
Co. Ltd Jlink AX1800 v.1.0
        NOT-FOR-US: JLINK
 CVE-2024-6062 (A vulnerability was found in GPAC 
2.5-DEV-rev228-g11067ea92-master and ...)
        - gpac <removed> (bug #1074414)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2872
        NOTE: 
https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd
 CVE-2024-6061 (A vulnerability has been found in GPAC 
2.5-DEV-rev228-g11067ea92-maste ...)
        - gpac <removed> (bug #1074414)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2871
        NOTE: 
https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c
@@ -46711,11 +46715,13 @@ CVE-2024-28401 (TOTOLINK X2000R before 
v1.0.0-B20231213.1013 contains a Store Cr
        NOT-FOR-US: TOTOLINK
 CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain an out ...)
        - gpac <removed> (bug #1068462)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2763
        NOTE: 
https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e
 CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain a out  ...)
        - gpac <removed> (bug #1068462)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2764
        NOTE: 
https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716
@@ -48274,6 +48280,7 @@ CVE-2023-49340 (An issue was discovered in Newland 
Nquire 1000 Interactive Kiosk
        NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
 CVE-2023-46427 (An issue was discovered in gpac version 
2.3-DEV-rev588-g7edc40fee-mast ...)
        - gpac <removed> (bug #1068462)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2641
        NOTE: 
https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a
@@ -56764,6 +56771,7 @@ CVE-2024-24267 (gpac v2.2.1 was discovered to contain a 
memory leak via the gfio
        NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md
 CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) 
vulnerabi ...)
        - gpac <removed> (bug #1068462)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md
 CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the 
dst_props  ...)
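Review bot: only CVE-2024-24266 gains a [bullseye] line in this hunk, while the two gpac v2.2.1 entries around it, CVE-2024-24267 above and CVE-2024-24265 below, are left untouched. Their package lines fall outside the visible context, so please confirm they already carry a bullseye status or are deliberately left without one; otherwise they stay without the end-of-life marker that the rest of this commit applies.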
@@ -58618,6 +58626,7 @@ CVE-2024-23655 (Tuta is an encrypted email service. 
Starting in version 3.118.12
        NOT-FOR-US: Tuta
 CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the 
function g ...)
        - gpac <removed> (bug #1065861)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2713
        NOTE: 
https://github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048
@@ -62369,11 +62378,13 @@ CVE-2024-21644 (pyLoad is the free and open-source 
Download Manager written in p
        - pyload <itp> (bug #1001980)
 CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
        - gpac <removed> (bug #1060409)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
        NOTE: 
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70
 CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
        - gpac <removed> (bug #1060409)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
        NOTE: 
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
@@ -68044,6 +68055,7 @@ CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 
stores user credentials
        NOT-FOR-US: IBM
 CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to 
cause a ...)
        - gpac <removed> (bug #1059056)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2652
        NOTE: 
https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
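Review bot: the added line for CVE-2023-47465 writes "EOL in bullseye LTS" directly above an existing "EOL in Buster LTS", so the two reasons in the same entry now differ in capitalisation. The same mix shows up in the hunks that follow (CVE-2023-46932, CVE-2023-48090, CVE-2023-48039, CVE-2023-48014 and neighbours). Normalising the buster reasons to lowercase in a follow-up would let a single search pattern match every gpac EOL marker.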
@@ -68052,6 +68064,7 @@ CVE-2023-47254 (An OS Command Injection in the CLI 
interface on DrayTek Vigor167
        NOT-FOR-US: DrayTek Vigor167
 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 
2.3-DEV-rev617-g671 ...)
        - gpac <removed> (bug #1059056)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2669
        NOTE: 
https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
@@ -71223,10 +71236,12 @@ CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered 
to contain a heap overflow
        NOT-FOR-US: Tenda
 CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leaks in ...)
        - gpac <removed> (bug #1059056)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2680
 CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leak in  ...)
        - gpac <removed> (bug #1059056)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2679
 CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in 
Slider  ...)
@@ -71887,16 +71902,19 @@ CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to 
Insecure Permissions via /x
        NOT-FOR-US: XXL-Job
 CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a sta ...)
        - gpac <removed> (bug #1056282)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2613
        NOTE: 
https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
 CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a dou ...)
        - gpac <removed> (bug #1056282)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2612
        NOTE: 
https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
 CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a hea ...)
        - gpac <removed> (bug #1056282)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2611
        NOTE: 
https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
@@ -73323,6 +73341,7 @@ CVE-2023-46483 (Cross Site Scripting vulnerability in 
timetec AWDMS v.2.0 allows
        NOT-FOR-US: timetec AWDMS
 CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box 
v.2.3-DEV-rev573-g2013208 ...)
        - gpac <removed> (bug #1056282)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2629
        NOTE: 
https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
@@ -73368,6 +73387,7 @@ CVE-2023-45283 (The filepath package does not recognize 
paths with a \??\ prefix
        NOTE: No security impact for Debian packages, only affects code running 
on Windows
 CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
        - gpac <removed> (bug #1056282)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
        NOTE: 
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
@@ -74208,13 +74228,13 @@ CVE-2023-4452 (A vulnerability has been identified in 
the EDR-810, EDR-G902, and
        NOT-FOR-US: Moxa
 CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a 
heap-buffer-overflow  ...)
        - gpac <removed> (bug #1055298)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2664
        NOTE: 
https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf
 CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in 
gpac/MP4Box i ...)
        - gpac <removed> (bug #1055298)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2666
        NOTE: 
https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8
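Review bot: the two replaced [bullseye] lines for CVE-2023-46931 and CVE-2023-46930 drop the earlier "<no-dsa> (Minor issue)" triage, so the severity judgement made while bullseye was still supported no longer appears anywhere in the entry. If that assessment should stay visible to people still running the bullseye package, consider keeping it as a NOTE line under the entry; the same applies to the other hunks that replace a no-dsa line rather than adding a new one.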
@@ -74226,6 +74246,7 @@ CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master 
contains a SEGV in gpac/MP
        NOTE: 
https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1
 CVE-2023-46927 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a 
heap-buffer-overflow  ...)
        - gpac <removed> (bug #1055298)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2657
        NOTE: 
https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817
@@ -77510,6 +77531,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove 
the authorization HTTP hea
        NOTE: Fixed by 
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
 (1.25)
 CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.3.0 ...)
        - gpac <removed> (bug #1055124)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2632
        NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740
@@ -77944,6 +77966,7 @@ CVE-2023-5521 (Incorrect Authorization in GitHub 
repository tiann/kernelsu prior
        NOT-FOR-US: KernelSU
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
        - gpac <removed> (bug #1053878)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
        NOTE: 
https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
@@ -79379,6 +79402,7 @@ CVE-2023-5391 (A CWE-502: Deserialization of untrusted 
data vulnerability exists
        NOT-FOR-US: Schneider Electric
 CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
v2.2.2-DEV.)
        - gpac <removed> (bug #1055122)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2606
        NOTE: 
https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce
@@ -83634,7 +83658,7 @@ CVE-2023-4781 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: 
https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 
(v9.0.1873)
 CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
        - gpac <removed> (bug #1051740)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
        NOTE: 
https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed
@@ -83849,24 +83873,25 @@ CVE-2023-34321 (Arm provides multiple helpers to 
clean & invalidate the cache fo
        NOTE: https://xenbits.xen.org/xsa/advisory-437.html
 CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
        - gpac <removed> (bug #1051740)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
        NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6
 CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
        - gpac <removed> (bug #1051740)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
        NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05
 CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
        - gpac <removed> (bug #1051740)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
        NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3
 CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 
2.3-DEV.)
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
        NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
@@ -84271,11 +84296,13 @@ CVE-2023-4722 (Integer Overflow or Wraparound in 
GitHub repository gpac/gpac pri
        NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830
 CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
        NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc
 CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub 
repository ...)
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
        NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad
@@ -84459,6 +84486,7 @@ CVE-2023-4683 (NULL Pointer Dereference in GitHub 
repository gpac/gpac prior to
        NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922
 CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.3 ...)
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
        NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c
@@ -85310,7 +85338,7 @@ CVE-2023-39578 (A stored cross-site scripting (XSS) 
vulnerability in the Create
        NOT-FOR-US: Zenario CMS
 CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to 
contain a hea ...)
        - gpac <removed> (bug #1051740)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2537
        NOTE: 
https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6
@@ -94562,6 +94590,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to 
verify that a secret provided
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.2 ...)
        {DSA-5452-1}
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
        NOTE: 
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
@@ -96403,6 +96432,7 @@ CVE-2023-3013 (Unchecked Return Value in GitHub 
repository gpac/gpac prior to 2.
 CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.2.2 ...)
        {DSA-5452-1}
        - gpac <removed> (bug #1051740)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
        NOTE: 
https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7
@@ -97362,24 +97392,28 @@ CVE-2023-31584 (GitHub repository cu/silicon commit 
a9ef36 was discovered to con
 CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.2.2 ...)
        {DSA-5411-1}
        - gpac <removed> (bug #1036701)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
        NOTE: 
https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
        {DSA-5411-1}
        - gpac <removed> (bug #1036701)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
        NOTE: 
https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
 CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
        {DSA-5411-1}
        - gpac <removed> (bug #1036701)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
        NOTE: 
https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
 CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
        {DSA-5411-1}
        - gpac <removed> (bug #1036701)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
        NOTE: 
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
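Review bot: all four entries in this hunk (CVE-2023-2840, CVE-2023-2839, CVE-2023-2838, CVE-2023-2837) carry {DSA-5411-1}, yet the added lines mark bullseye as <end-of-life>. If that DSA shipped a bullseye fix for these CVEs, an end-of-life marker on the same suite would contradict it. Please check which suite the DSA covered and, if it was bullseye, drop the added lines here. The {DSA-5452-1} entries CVE-2023-3291 and CVE-2023-3012 in the two preceding hunks raise the same question.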
@@ -122238,7 +122272,7 @@ CVE-2023-0359 (A missing nullptr-check in 
handle_ra_input can cause a nullptr-de
        NOT-FOR-US: Zephyr
 CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
        - gpac <removed> (bug #1033116; bug #1051866)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
        NOTE: 
https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
@@ -128947,7 +128981,7 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to 
Buffer Overflow in function void
 CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
        - gpac 2.2.1+dfsg1-2 (bug #1033116)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2350
        NOTE: 
https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 
(v2.2.0)
@@ -131936,7 +131970,7 @@ CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b 
is vulnerable to Null poin
 CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap 
use-after- ...)
        [experimental] - gpac 2.2.1+dfsg1-1
        - gpac 2.2.1+dfsg1-2 (bug #1033116)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2344
        NOTE: 
https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e 
(v2.2.0)
@@ -165758,7 +165792,7 @@ CVE-2022-2454 (Integer Overflow or Wraparound in 
GitHub repository gpac/gpac pri
        NOTE: 
https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
 CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.)
        - gpac 2.0.0+dfsg1-4 (bug #1015788)
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
        NOTE: 
https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c
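Review bot: in CVE-2022-2453 the [bullseye] line becomes <end-of-life>, but the [buster] line directly below it still reads "<no-dsa> (Minor issue)", unlike every other gpac entry visible in this patch, where buster is already <end-of-life>. The older suite should not be left with the weaker status; update it in the same commit to "[buster] - gpac <end-of-life> (EOL in buster LTS)".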
@@ -199429,7 +199463,7 @@ CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL 
pointer dereference in gf_utf8_
        NOTE: 
https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a 
(v2.0.0)
 CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box.)
        - gpac 2.0.0+dfsg1-2
-       [bullseye] - gpac <no-dsa> (Minor issue)
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://github.com/gpac/gpac/issues/2061



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9e320d7aa7801fcb2d82d0a5cc921097b49e4d
