Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: ed9e320d by Sylvain Beucler at 2024-08-16T10:42:31+02:00 gpac: EOL in bullseye - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -14482,11 +14482,13 @@ CVE-2024-6065 (A vulnerability was found in itsourcecode Bakery Online Ordering NOT-FOR-US: itsourcecode Bakery Online Ordering System CVE-2024-6064 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...) - gpac <removed> (bug #1074414) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2874 NOTE: https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5 CVE-2024-6063 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...) - gpac <removed> (bug #1074414) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2873 NOTE: https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5 @@ -14536,11 +14538,13 @@ CVE-2023-37057 (An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 NOT-FOR-US: JLINK CVE-2024-6062 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and ...) - gpac <removed> (bug #1074414) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2872 NOTE: https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd CVE-2024-6061 (A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-maste ...) - gpac <removed> (bug #1074414) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2871 NOTE: https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c 
@@ -46711,11 +46715,13 @@ CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cr NOT-FOR-US: TOTOLINK CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...) - gpac <removed> (bug #1068462) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2763 NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...) - gpac <removed> (bug #1068462) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2764 NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716 @@ -48274,6 +48280,7 @@ CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...) - gpac <removed> (bug #1068462) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2641 NOTE: https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a @@ -56764,6 +56771,7 @@ CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...) - gpac <removed> (bug #1068462) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props ...) 
@@ -58618,6 +58626,7 @@ CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 3.118.12 NOT-FOR-US: Tuta CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the function g ...) - gpac <removed> (bug #1065861) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2713 NOTE: https://github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048 @@ -62369,11 +62378,13 @@ CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in p - pyload <itp> (bug #1001980) CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1060409) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/ NOTE: https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70 CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac <removed> (bug #1060409) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/ NOTE: https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a @@ -68044,6 +68055,7 @@ CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials NOT-FOR-US: IBM CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...) - gpac <removed> (bug #1059056) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2652 NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49 
@@ -68052,6 +68064,7 @@ CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 NOT-FOR-US: DrayTek Vigor167 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...) - gpac <removed> (bug #1059056) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2669 NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b @@ -71223,10 +71236,12 @@ CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow NOT-FOR-US: Tenda CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...) - gpac <removed> (bug #1059056) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2680 CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...) - gpac <removed> (bug #1059056) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2679 CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...) 
@@ -71887,16 +71902,19 @@ CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /x NOT-FOR-US: XXL-Job CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...) - gpac <removed> (bug #1056282) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2613 NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...) - gpac <removed> (bug #1056282) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2612 NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893 CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...) - gpac <removed> (bug #1056282) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2611 NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea @@ -73323,6 +73341,7 @@ CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows NOT-FOR-US: timetec AWDMS CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...) - gpac <removed> (bug #1056282) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2629 NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4 
@@ -73368,6 +73387,7 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac <removed> (bug #1056282) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e @@ -74208,13 +74228,13 @@ CVE-2023-4452 (A vulnerability has been identified in the EDR-810, EDR-G902, and NOT-FOR-US: Moxa CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...) - gpac <removed> (bug #1055298) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2664 NOTE: https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...) - gpac <removed> (bug #1055298) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2666 NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8 
@@ -74226,6 +74246,7 @@ CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP NOTE: https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1 CVE-2023-46927 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...) - gpac <removed> (bug #1055298) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2657 NOTE: https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817 @@ -77510,6 +77531,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP hea NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25) CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...) - gpac <removed> (bug #1055124) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2632 NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 @@ -77944,6 +77966,7 @@ CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior NOT-FOR-US: KernelSU CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - gpac <removed> (bug #1053878) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e 
@@ -79379,6 +79402,7 @@ CVE-2023-5391 (A CWE-502: Deserialization of untrusted data vulnerability exists NOT-FOR-US: Schneider Electric CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.) - gpac <removed> (bug #1055122) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2606 NOTE: https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce @@ -83634,7 +83658,7 @@ CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873) CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1051740) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed 
@@ -83849,24 +83873,25 @@ CVE-2023-34321 (Arm provides multiple helpers to clean & invalidate the cache fo NOTE: https://xenbits.xen.org/xsa/advisory-437.html CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1051740) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86 NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6 CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac <removed> (bug #1051740) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01 NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05 CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1051740) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3 CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0 NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c 
@@ -84271,11 +84296,13 @@ CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac pri NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830 CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63 NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...) - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad @@ -84459,6 +84486,7 @@ CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922 CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c 
@@ -85310,7 +85338,7 @@ CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create NOT-FOR-US: Zenario CMS CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...) - gpac <removed> (bug #1051740) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2537 NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6 @@ -94562,6 +94590,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...) {DSA-5452-1} - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/ NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf @@ -96403,6 +96432,7 @@ CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2. CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) {DSA-5452-1} - gpac <removed> (bug #1051740) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7 
@@ -97362,24 +97392,28 @@ CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to con CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) {DSA-5411-1} - gpac <removed> (bug #1036701) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/ NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.) {DSA-5411-1} - gpac <removed> (bug #1036701) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/ NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) {DSA-5411-1} - gpac <removed> (bug #1036701) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/ NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) {DSA-5411-1} - gpac <removed> (bug #1036701) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/ NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611 
@@ -122238,7 +122272,7 @@ CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-de NOT-FOR-US: Zephyr CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac <removed> (bug #1033116; bug #1051866) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355 NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b @@ -128947,7 +128981,7 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...) [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1033116) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2350 NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0) @@ -131936,7 +131970,7 @@ CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null poin CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...) [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1033116) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2344 NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0) 
@@ -165758,7 +165792,7 @@ CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac pri NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.) - gpac 2.0.0+dfsg1-4 (bug #1015788) - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a NOTE: https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c @@ -199429,7 +199463,7 @@ CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_ NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0) CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box.) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac <no-dsa> (Minor issue) + [bullseye] - gpac <end-of-life> (EOL in bullseye LTS) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2061 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9e320d7aa7801fcb2d82d0a5cc921097b49e4d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9e320d7aa7801fcb2d82d0a5cc921097b49e4d You're receiving this email because of your account on salsa.debian.org.
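Review bot: In the hunks at -94562, -96403 and -97362, the added `[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)` line lands on entries that carry `{DSA-5452-1}` or `{DSA-5411-1}` (CVE-2023-3291, CVE-2023-3012, and CVE-2023-2840 through CVE-2023-2837). Please confirm that those advisories did not already ship a bullseye fix for these CVEs. If they did, an end-of-life marker on the same entry contradicts the advisory and these added lines should be dropped. If they did not, a short NOTE or a line in the commit message saying so would help, since "gpac: EOL in bullseye" gives no reason for treating the DSA-tagged entries the same as the rest.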
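Review bot: In the hunk at -165758 (CVE-2022-2453), bullseye moves from `<no-dsa> (Minor issue)` to `<end-of-life>`, but the unchanged line right after it still reads `[buster] - gpac <no-dsa> (Minor issue)`. Every other gpac entry touched by this patch already has buster as `<end-of-life> (EOL in buster LTS)`, so this entry ends up with the newer release marked end-of-life and the older one still marked as a minor open issue. Suggest switching the buster line to `<end-of-life> (EOL in buster LTS)` in the same commit, or stating why this CVE is the exception.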
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits