[Git][security-tracker-team/security-tracker][master] new gpac issues

Moritz Muehlenhoff (@jmm) Thu, 19 Aug 2021 14:29:51 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
84a24b9c by Moritz Muehlenhoff at 2021-08-19T23:29:18+02:00
new gpac issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41513,63 +41513,188 @@ CVE-2021-21864 (A unsafe deserialization 
vulnerability exists in the ComponentMo
 CVE-2021-21863 (A unsafe deserialization vulnerability exists in the 
ComponentModel Pr ...)
        NOT-FOR-US: CODESYS
 CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist 
within t ...)
-       TODO: check
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE: Introduced in https://github.com/gpac/gpac/commit/69ae9059fc
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+       NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21861 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+       NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21860 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+       NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21859 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+       NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+       NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+       NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE: Introduced in https://github.com/gpac/gpac/commit/35c4644cb5
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+       NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+       NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+       NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE: Introduced in 
https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21850
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21849
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21848
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21842
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21841
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21840
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
-       TODO: check
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21836
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21835
        RESERVED
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE: Introduced in 
https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21834
        RESERVED
+       - gpac <unfixed>
+       [buster] - gpac <not-affected> (Vulnerable code not present)
+       NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+       NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+       NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21833 (An improper array index validation vulnerability exists in the 
TIF IP_ ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing 
functional ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ chromium
 --
 djvulibre
 --
+gpac/stable (jmm)
+--
 icu
 --
 linux (carnil)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a24b9c531e2cf2b0edea7273dccca673edfcb6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84a24b9c531e2cf2b0edea7273dccca673edfcb6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new gpac issues

Reply via email to