Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7d0eae82 by Salvatore Bonaccorso at 2023-09-13T21:02:45+02:00 Track unfixed gpac issues as fallout from #1033116 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -33535,7 +33535,7 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7 - ampache <removed> CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26 @@ -33625,7 +33625,7 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plug NOT-FOR-US: WordPress plugin CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...) {DSA-5452-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21 NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe @@ -39095,7 +39095,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not valid CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.) NOT-FOR-US: Zephyr CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355 
@@ -40845,17 +40845,17 @@ CVE-2023-23146 RESERVED CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86 CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6 CVE-2023-23142 @@ -51405,7 +51405,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8) CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2333 NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908 
@@ -54348,7 +54348,7 @@ CVE-2022-45344 RESERVED CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2315 NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4 @@ -54473,7 +54473,7 @@ CVE-2022-45284 RESERVED CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2295 NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df @@ -54642,7 +54642,7 @@ CVE-2022-45203 RESERVED CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2296 NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783 
@@ -63400,25 +63400,25 @@ CVE-2022-43047 CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...) NOT-FOR-US: Food Ordering Management System CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2277 NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2282 NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2276 NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2278 
@@ -63426,13 +63426,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain CVE-2022-43041 RESERVED CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2280 NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [bullseye] - gpac <not-affected> (Vulnerable code not present) [buster] - gpac <not-affected> (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2281 @@ -69862,7 +69862,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d NOT-FOR-US: jgraph/drawio CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) {DSA-5411-1} - - gpac <unfixed> (bug #1033116) + - gpac <unfixed> (bug #1033116; bug #1051866) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d0eae8247b27e9f466e14db003061a5571a9d4a
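Review bot: the commit message names only #1033116, while every changed line, beginning with the CVE-2023-0770 entry in the hunk at @@ -33535, adds bug #1051866. Naming the new bug in the message as well (for example "Track unfixed gpac issues in #1051866 as fallout from #1033116") would let a history search for #1051866 find this commit, and would tell the reader which of the two bugs now tracks the remaining work.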
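Review bot: in the hunk at @@ -63426, the CVE-2022-43040 and CVE-2022-43039 entries mark both bullseye and buster as <not-affected> (Vulnerable code not present), so the added bug #1051866 concerns only the unstable "- gpac <unfixed>" line. It is worth confirming that these two CVEs are in fact listed in #1051866, since they differ from the other entries touched here, where at least one suite is tracked as affected, end-of-life or ignored.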