Roberto C. Sánchez pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df147132 by Roberto C. Sánchez at 2022-04-09T12:43:26-04:00
LTS: mark CVE-2021-33362/gpac as <not-affected> for stretch and buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56797,13 +56797,14 @@ CVE-2021-33363 (Memory leak in the infe_box_read
function in MP4Box in GPAC 1.0.
CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function
in MP4B ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
- [buster] - gpac <ignored> (Minor issue)
- [stretch] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in
version 0.7.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in
version 0.7.0)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor <no-dsa> (Minor issue)
[buster] - ccextractor <no-dsa> (Minor issue)
NOTE:
https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
(v2.0.0)
NOTE: https://github.com/gpac/gpac/issues/1780
+ NOTE: Introduced by
https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC
1.0.1 allo ...)
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
