Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad017425 by Sylvain Beucler at 2020-01-17T18:18:06+01:00
gpac: more triaging
CVE-2019-20160,CVE-2019-20168,CVE-2019-20169,CVE-2019-20208,CVE-2020-6630,CVE-2020-6631
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1245,10 +1245,12 @@ CVE-2020-6631 (An issue was discovered in GPAC version
0.8.0. There is a NULL po
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/1378
NOTE:
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
+ NOTE: fix considered "ugly" by upstream and introduces abort(3)-based
DoS
CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL
pointer ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/1377
NOTE:
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
+ NOTE: fix considered "ugly" by upstream and introduces abort(3)-based
DoS
CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the
functio ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/190
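Review bot: The new NOTE under CVE-2020-6631 and CVE-2020-6630 quotes upstream calling the fix "ugly" but gives no source for that quote, and it does not say whether commit c7e46e94 is still the change to backport. Suggest adding the URL of the upstream comment. Since both entries stay <unfixed>, also state whether a cleaner fix is awaited, because the note says the current one trades the NULL pointer dereference for an abort(3)-based DoS.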
@@ -4567,7 +4569,7 @@ CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in
GPAC 0.8.0 has a stack-
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1348
- NOTE:
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
+ NOTE:
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
(chunk #1)
CVE-2019-20207
RESERVED
CVE-2019-20206
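Review bot: The "(chunk #1)" suffix added to the commit NOTE for CVE-2019-20208 is ambiguous, because it does not say which file the chunk numbering counts from, and the number is hard to verify without opening the commit. Suggest naming the location instead, for example "(dimC_Read in isomedia/box_code_3gpp.c)", which the CVE description on this entry already gives.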
@@ -4768,11 +4770,11 @@ CVE-2019-20170 (An issue was discovered in GPAC version
0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/issues/1328
NOTE:
https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
- - gpac <unfixed>
+ - gpac <not-affected> (PoC does not crash, fix relates to
'use_dump_mode' introduced in v0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1329
NOTE:
https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
- - gpac <unfixed>
+ - gpac <not-affected> (PoC does not crash, fix relates to
'use_dump_mode' introduced in v0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1333
NOTE:
https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
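Review bot: On the CVE-2019-20169 and CVE-2019-20168 lines, the <not-affected> reason mixes two justifications of different strength. "PoC does not crash" is an observation about one input, while "'use_dump_mode' introduced in v0.7.0" is the actual claim that the vulnerable code is absent. An unqualified <not-affected> also only holds if every suite ships a version older than 0.7.0, which the note does not state. Suggest following the wording already used for CVE-2019-20159, "(Vulnerable code introduced in 0.7.0)", and moving the PoC result to its own NOTE line.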
@@ -4804,9 +4806,10 @@ CVE-2019-20161 (An issue was discovered in GPAC version
0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/issues/1320
NOTE:
https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
- - gpac <unfixed>
+ - gpac <not-affected> (Vulnerable code introduced in 0.8.0)
NOTE: https://github.com/gpac/gpac/issues/1334
- NOTE:
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
+ NOTE: Introduced in:
https://github.com/gpac/gpac/commit/d7c2bb5cc3c67566f506f51cbefbf66f8169ea85
+ NOTE: Fixed by:
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e
(chunk #2)
CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1321
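Review bot: For CVE-2019-20160, the reason "(Vulnerable code introduced in 0.8.0)" rests on the new "Introduced in:" commit d7c2bb5c, but the NOTE does not say that this commit first shipped in 0.8.0, so the link between the two has to be re-checked by hand. Suggest appending the first release containing it to the "Introduced in:" line. The "(chunk #2)" suffix on the "Fixed by:" line would also be easier to verify if it named the affected function or file rather than a position in the diff.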
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad017425b3a1bbd8ba3574b5f064749d3e12e91c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits