Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits: df147132 by Roberto C. Sánchez at 2022-04-09T12:43:26-04:00 LTS: mark CVE-2021-33362/gpac as <not-affected> for stretch and buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -56797,13 +56797,14 @@ CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0. CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac <ignored> (Minor issue) - [buster] - gpac <ignored> (Minor issue) - [stretch] - gpac <ignored> (Minor issue) + [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0) + [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor <no-dsa> (Minor issue) [buster] - ccextractor <no-dsa> (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1780 + NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) - gpac <unfixed> (unimportant) [buster] - gpac <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits