Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1e48bd3 by Thorsten Alteholz at 2021-08-28T13:46:37+02:00
also take openssl1.0

- - - - -
88e008c5 by Thorsten Alteholz at 2021-08-28T13:50:16+02:00
take squashfs-tools

- - - - -
d4f5ecbb by Thorsten Alteholz at 2021-08-28T13:58:22+02:00
mark several CVEs for gpac as not-affected and follow sec team with some no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17728,6 +17728,7 @@ CVE-2021-32440 (The Media_RewriteODFrame function in 
GPAC 1.0.1 allows attackers
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
        NOTE: https://github.com/gpac/gpac/issues/1772
 CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in 
GPAC 1.0. ...)
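Review bot: The added `[stretch] - gpac <ignored> (Minor issue)` line under CVE-2021-32440 copies the buster annotation word for word, while the commit message only mentions not-affected and no-dsa. `<ignored>` records a decision not to fix rather than a deferral, so consider giving the stretch-specific reason in the parentheses, or mentioning the ignored entries in the commit message, so the triage decision stays traceable.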
@@ -17738,12 +17739,14 @@ CVE-2021-32438 (The gf_media_export_filters function 
in GPAC 1.0.1 allows attack
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868
        NOTE: https://github.com/gpac/gpac/issues/1769
 CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers 
to caus ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <ignored> (Minor issue)
+       [stretch] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e
        NOTE: https://github.com/gpac/gpac/issues/1770
 CVE-2021-32436
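Review bot: The `[stretch] - gpac <not-affected> (Vulnerable code not present)` line added under CVE-2021-32438 has no NOTE saying how the absence was established; the entry's NOTEs only point at the upstream fix commit and issue. A one-line NOTE stating what was checked in the stretch source (for example that gf_media_export_filters does not exist there, if that is the finding) would let a later reviewer recheck the claim instead of trusting the copied buster annotation.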
@@ -20772,6 +20775,7 @@ CVE-2021-31261 (The gf_hinter_track_new function in 
GPAC 1.0.1 allows attackers
 CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to 
cause a deni ...)
        - gpac 1.0.1+dfsg1-4 (bug #987280)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
        NOTE: https://github.com/gpac/gpac/issues/1736
 CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 
1.0.1 allo ...)
@@ -20782,11 +20786,13 @@ CVE-2021-31259 (The 
gf_isom_cenc_get_default_info_internal function in GPAC 1.0.
 CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows 
attackers ...)
        - gpac 1.0.1+dfsg1-4 (bug #987280)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
        NOTE: https://github.com/gpac/gpac/issues/1706
 CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause 
a denial ...)
        - gpac 1.0.1+dfsg1-4 (bug #987280)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
        NOTE: https://github.com/gpac/gpac/issues/1734
 CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in 
GPAC 1.0. ...)
@@ -23976,6 +23982,7 @@ CVE-2021-30015 (There is a Null Pointer Dereference in 
function filter_core/filt
 CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the 
hevc_pa ...)
        - gpac 1.0.1+dfsg1-4 (bug #987323)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
        NOTE: https://github.com/gpac/gpac/issues/1721
 CVE-2021-30013
@@ -43473,30 +43480,35 @@ CVE-2021-21862 (Multiple exploitable integer 
truncation vulnerabilities exist wi
 CVE-2021-21861 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
        NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21860 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
        NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21859 (An exploitable integer truncation vulnerability exists within 
the MPEG ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
        NOTE: 
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
        NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
        NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
        NOTE: https://github.com/gpac/gpac/issues/1814
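Review bot: All five stretch lines in this hunk (CVE-2021-21861 down to CVE-2021-21857) repeat the buster line directly above them, `<not-affected> (Vulnerable code not present)`, with nothing recording a check against the stretch source. The entries fall into two groups by their NOTEs (TALOS-2021-1298 with commit 8cd33e89..., TALOS-2021-1299 with commit bbd741e0...), so one added NOTE per group describing what was verified for stretch would be enough to back the bulk change.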
@@ -43509,24 +43521,28 @@ CVE-2021-21856 (Multiple exploitable integer overflow 
vulnerabilities exist with
 CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
        NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
        NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
        NOTE: 
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: 
https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315
@@ -43540,90 +43556,105 @@ CVE-2021-21851 (Multiple exploitable integer 
overflow vulnerabilities exist with
 CVE-2021-21850 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21849 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21848 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21842 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21841 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21840 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist 
within the ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
 CVE-2021-21836 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
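Review bot: CVE-2021-21851 appears only in this hunk's @@ header, so its entry sits between this hunk and the previous one and receives no stretch line, although the entries on both sides of it do. The same holds for CVE-2021-21862, CVE-2021-21856 and CVE-2021-21835 in the neighbouring @@ headers. Please confirm these four are intentionally left out (already annotated, or actually affected in stretch) and not skipped during the bulk edit; a word in the commit message would settle it.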
@@ -43636,6 +43667,7 @@ CVE-2021-21835 (An exploitable integer overflow 
vulnerability exists within the
 CVE-2021-21834 (An exploitable integer overflow vulnerability exists within 
the MPEG-4 ...)
        - gpac <unfixed>
        [buster] - gpac <not-affected> (Vulnerable code not present)
+       [stretch] - gpac <not-affected> (Vulnerable code not present)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
        NOTE: 
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
        NOTE: https://github.com/gpac/gpac/issues/1814
@@ -44750,22 +44782,26 @@ CVE-2020-35983
 CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is an i ...)
        - gpac 1.0.1+dfsg1-4 (bug #987374)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
        NOTE: https://github.com/gpac/gpac/issues/1660
 CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is an i ...)
        - gpac 1.0.1+dfsg1-4 (bug #987374)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
        NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is a us ...)
        - gpac <unfixed> (bug #987374; bug #990691)
        [bullseye] - gpac <no-dsa> (Minor issue)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
        NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There 
is heap ...)
        - gpac 1.0.1+dfsg1-4 (bug #987374)
        [buster] - gpac <no-dsa> (Minor issue)
+       [stretch] - gpac <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc
        NOTE: https://github.com/gpac/gpac/issues/1662
 CVE-2020-35978


=====================================
data/dla-needed.txt
=====================================
@@ -55,6 +55,8 @@ nvidia-graphics-drivers
 --
 openssl (Thorsten Alteholz)
 --
+openssl1.0 (Thorsten Alteholz)
+--
 pjproject (Abhijith PA)
   NOTE: 20210804: Check notes on CVE (especially re. src:ring). (lamby)
   NOTE: 20210821: Fix backported (abhijith)
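Review bot: The new `openssl1.0 (Thorsten Alteholz)` entry is added and claimed in one step with no NOTE line, whereas the pjproject entry just below carries dated NOTEs. A dated NOTE naming the CVE(s) being handled would tell other LTS contributors why the package is on the list and whether it tracks the same work as the `openssl` entry above.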
@@ -96,3 +98,5 @@ salt
   NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a 
debdiff. (utkarsh)
   NOTE: 20210816: will test the provided debdiff; needs testing as regression 
spotted. (utkarsh)
 --
+squashfs-tools (Thorsten Alteholz)
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54300e233b4ff9546e6e8ceb1a24f956a03bfe00...d4f5ecbb4c1c761651b2c76a748b3ae2a9c8ab76



_______________________________________________
debian-security-tracker-commits mailing list