[Git][security-tracker-team/security-tracker][master] 2 commits: Add new round of Debian bug references for gpac issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48a5dcdf by Salvatore Bonaccorso at 2021-04-22T19:58:37+02:00
Add new round of Debian bug references for gpac issues

It looks there is again a round of fuzzing/testing of gpac recently,
resulting in many CVEs. Pending evaluation if they are severe enough for
a stable update.

- - - - -
3aaca044 by Salvatore Bonaccorso at 2021-04-22T20:00:29+02:00
Indent one note with tabs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23196,19 +23196,19 @@ CVE-2020-35984
 CVE-2020-35983
        RESERVED
 CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is an i ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
        NOTE: https://github.com/gpac/gpac/issues/1660
 CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is an i ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
        NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is a us ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
        NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is heap ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc
        NOTE: https://github.com/gpac/gpac/issues/1662
 CVE-2020-35978
@@ -47905,22 +47905,22 @@ CVE-2020-23934 (An issue was discovered in RiteCMS 
2.2.1. An authenticated user
 CVE-2020-23933
        REJECTED
 CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer 
dereferen ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784
        NOTE: https://github.com/gpac/gpac/issues/1566
 CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The 
abst_box_read functi ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1
        NOTE: https://github.com/gpac/gpac/issues/1564
        NOTE: https://github.com/gpac/gpac/issues/1567
 CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL 
pointer deref ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349
        NOTE: https://github.com/gpac/gpac/issues/1565
 CVE-2020-23929
        RESERVED
 CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The 
abst_box_read functi ...)
-       - gpac <unfixed>
+       - gpac <unfixed> (bug #987374)
        NOTE: 
https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3
        NOTE: https://github.com/gpac/gpac/issues/1568
        NOTE: https://github.com/gpac/gpac/issues/1569
@@ -215376,7 +215376,7 @@ CVE-2018-1257 (Spring Framework, versions 5.0.x prior 
to 5.0.6, versions 4.3.x p
        [jessie] - libspring-java <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://pivotal.io/security/cve-2018-1257
        NOTE: websocket introduced in v4 
https://github.com/spring-projects/spring-framework/commit/4e67f809fbc1957e40fc787686b63254eaa8d7fa
-       NOTE: https://github.com/spring-projects/spring-framework/issues/26821 
(patch unidentifiable)
+       NOTE: https://github.com/spring-projects/spring-framework/issues/26821 
(patch unidentifiable)
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a 
regression which ...)
        NOT-FOR-US: Spring Cloud SSO Connector
 CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 
7.1.0  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/586dbdae1d20e920aded1b0720cc9703d332f7b6...3aaca044a6d0db03ff4933f55cf874325ca8e188

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/586dbdae1d20e920aded1b0720cc9703d332f7b6...3aaca044a6d0db03ff4933f55cf874325ca8e188
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits