Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d0eae82 by Salvatore Bonaccorso at 2023-09-13T21:02:45+02:00
Track unfixed gpac issues as fallout from #1033116

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33535,7 +33535,7 @@ CVE-2023-0771 (SQL Injection in GitHub repository 
ampache/ampache prior to 5.5.7
        - ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
        NOTE: 
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
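Review bot: the changed "- gpac <unfixed>" line under CVE-2023-0770 now carries two bug references, but the commit message only says "fallout from #1033116" and does not say what #1051866 tracks. Consider stating in the commit message how the two bugs relate, for example which one is the open tracking bug for unstable, since the same pair is repeated on every gpac line this patch touches.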
@@ -33625,7 +33625,7 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance 
Management WordPress plug
        NOT-FOR-US: WordPress plugin
 CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to V2. ...)
        {DSA-5452-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
        NOTE: 
https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
@@ -39095,7 +39095,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin 
before 1.3.4 does not valid
 CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a 
nullptr-deref.)
        NOT-FOR-US: Zephyr
 CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
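Review bot: CVE-2023-0358 is the one changed entry here with no {DSA-...} cross-reference, and its bullseye line is "<no-dsa> (Minor issue)", so the bug references on the "<unfixed>" line are the only pointer to a pending fix for this CVE. The shown context has a huntr.dev NOTE but no upstream commit NOTE; if the fixing commit is known, recording it next to the bounty link would make the unfixed state easier to verify against a later upload.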
@@ -40845,17 +40845,17 @@ CVE-2023-23146
        RESERVED
 CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to 
contain a me ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
 CVE-2023-23144 (Integer overflow vulnerability in function 
Q_DecCoordOnUnitSphere file ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
 CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in 
file medi ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: 
https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
 CVE-2023-23142
@@ -51405,7 +51405,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered 
in X.509 certificate verif
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc
 (openssl-3.0.8)
 CVE-2022-4202 (A vulnerability, which was classified as problematic, was found 
in GPA ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2333
        NOTE: 
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
@@ -54348,7 +54348,7 @@ CVE-2022-45344
        RESERVED
 CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to 
contain a hea ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2315
        NOTE: 
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -54473,7 +54473,7 @@ CVE-2022-45284
        RESERVED
 CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow 
in the s ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2295
        NOTE: 
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
@@ -54642,7 +54642,7 @@ CVE-2022-45203
        RESERVED
 CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to 
contain a sta ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2296
        NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
@@ -63400,25 +63400,25 @@ CVE-2022-43047
 CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain 
a cross ...)
        NOT-FOR-US: Food Ordering Management System
 CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a segm ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2277
        NOTE: 
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
 CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a segm ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2282
        NOTE: 
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a segm ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2276
        NOTE: 
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
 CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a heap ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2278
@@ -63426,13 +63426,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master 
was discovered to contain
 CVE-2022-43041
        RESERVED
 CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a heap ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2280
        NOTE: 
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e
 CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a segm ...)
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [bullseye] - gpac <not-affected> (Vulnerable code not present)
        [buster] - gpac <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/gpac/gpac/issues/2281
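Review bot: for CVE-2022-43040 and CVE-2022-43039 both bullseye and buster are marked "<not-affected> (Vulnerable code not present)", so the "<unfixed>" line with the added bug #1051866 only describes the newer version outside those releases. Please confirm that #1051866 really lists these two CVEs and that they were not picked up only because the same substitution was applied to every gpac line referencing #1033116.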
@@ -69862,7 +69862,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in 
GitHub repository jgraph/d
        NOT-FOR-US: jgraph/drawio
 CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 
2.1.0-D ...)
        {DSA-5411-1}
-       - gpac <unfixed> (bug #1033116)
+       - gpac <unfixed> (bug #1033116; bug #1051866)
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
        NOTE: 
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d0eae8247b27e9f466e14db003061a5571a9d4a
