Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1d998e6e by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: gpac is EOL on buster - - - - - 9a3c63d9 by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: libspring-java is EOL on buster - - - - - 1af0be2a by Emilio Pozuelo Monfort at 2022-08-11T14:23:53+02:00 lts: ckeditor3 is EOL on buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18510,6 +18510,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. .. NOTE: Crash in CLI tool, no security impact CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) - gpac <unfixed> (bug #1016443) + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514 @@ -18568,6 +18569,7 @@ CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPr NOT-FOR-US: WordPress plugin CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) - gpac <unfixed> (bug #1016443) + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2179 NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78 @@ -22785,6 +22787,7 @@ CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmwar NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) - gpac <unfixed> (bug #1016443) + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2175 NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb @@ -25654,6 +25657,7 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio - phpipam <itp> (bug #731713) CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) - gpac <unfixed> (bug #1016443) + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1 @@ -29510,6 +29514,7 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr NOT-FOR-US: microweber CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) - gpac <unfixed> (bug #1016443) + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243 @@ -30068,21 +30073,25 @@ CVE-2022-27149 REJECTED CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2067 NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0) CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2109 NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0) CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2120 NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0) CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/2108 @@ -36909,11 +36918,13 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.19.0+dfsg-1 - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.19.0+dfsg-1 - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89 NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0) @@ -37487,28 +37498,33 @@ CVE-2022-24579 RESERVED CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/ NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0) CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/ NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0) CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box. ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2061 NOTE: https://huntr.dev/bounties/011ac07c-6139-4f43-b745-424143e60ac7/ NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0) CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2058 NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/ NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0) CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/ NOTE: https://github.com/gpac/gpac/issues/2055 @@ -43317,10 +43333,12 @@ CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Autom NOT-FOR-US: VMware CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...) - libspring-java <unfixed> + [buster] - libspring-java <end-of-life> (No longer supported in LTS) [stretch] - libspring-java <end-of-life> (No longer supported in LTS) NOTE: https://tanzu.vmware.com/security/cve-2022-22971 CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...) - libspring-java <unfixed> + [buster] - libspring-java <end-of-life> (No longer supported in LTS) [stretch] - libspring-java <end-of-life> (No longer supported in LTS) NOTE: https://tanzu.vmware.com/security/cve-2022-22970 CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...) @@ -46863,6 +46881,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13. NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1990 NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 (v2.0.0) @@ -48670,11 +48689,13 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to NOTE: Crash in CLI tool, no security impact CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1958 NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0) CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1955 NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc (v2.0.0) @@ -48686,11 +48707,13 @@ CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to a NOTE: Crash in CLI tool, no security impact CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1972 NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d (v2.0.0) CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1956 NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 (v2.0.0) @@ -48736,11 +48759,13 @@ CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability NOT-FOR-US: Backdrop CMS CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1965 NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0) CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1985 NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e (v2.0.0) @@ -48750,11 +48775,13 @@ CVE-2021-45264 RESERVED CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1975 NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0) CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1980 NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a (v2.0.0) @@ -50158,53 +50185,63 @@ CVE-2021-44928 RESERVED CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1960 NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 (v2.0.0) CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1961 NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e (v2.0.0) CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1967 NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 (v2.0.0) CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1959 NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 (v2.0.0) CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1962 NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1969 NOTE: https://github.com/gpac/gpac/issues/1968 NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0) CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1964 NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 (v2.0.0) CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1957 NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 (v2.0.0) CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1963 NOTE: https://github.com/gpac/gpac/issues/1962 NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1968 NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0) @@ -63366,6 +63403,7 @@ CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0) CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1910 NOTE: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) @@ -64087,6 +64125,7 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0) CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) @@ -64674,12 +64713,14 @@ CVE-2021-40945 RESERVED CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1906 NOTE: https://github.com/gpac/gpac/commit/44fdc3d972c31c56efe73e1a3b63438d46087652 (v2.0.0) CVE-2021-40943 (In Bento4 1.6.0-638, there is a null pointer reference in the function ...) NOT-FOR-US: Bento4 CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1908 NOTE: https://github.com/gpac/gpac/commit/da37ec8582266983d0ec4b7550ec907401ec441e (v2.0.0) CVE-2021-40941 (In Bento4 1.6.0-638, there is an allocator is out of memory in the fun ...) @@ -65489,18 +65530,22 @@ CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro backgr NOT-FOR-US: emlog CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1894 NOTE: https://github.com/gpac/gpac/commit/86c1566f040b2b84c72afcb6cbd444c5aff56cfe (v2.0.0) CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1883 NOTE: https://github.com/gpac/gpac/commit/b09c75dc2d4bf68ac447daa71e72365aa30231a9 (v2.0.0) CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1879 NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0) CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1885 NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0) CVE-2021-40605 @@ -65531,6 +65576,7 @@ CVE-2021-40593 RESERVED CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1876 @@ -65568,76 +65614,91 @@ CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sour NOT-FOR-US: Sourcecodester CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1904 NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0) CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1905 NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0) CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1897 NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb (v2.0.0) CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1891 NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1893 NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0) CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1895 NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0) CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1899 NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0) CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1890 NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1900 NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0) CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1889 NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0) CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1887 NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0) CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1902 NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0) CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1898 NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0) CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1892 NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0) CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1901 NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3 (v2.0.0) @@ -65647,6 +65708,7 @@ CVE-2021-40560 RESERVED CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1886 NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 (v2.0.0) @@ -73074,6 +73136,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 @@ -76041,6 +76104,7 @@ CVE-2021-36418 RESERVED CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1846 NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 (v2.0.0) @@ -76050,6 +76114,7 @@ CVE-2021-36415 RESERVED CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1840 NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 (v2.0.0) @@ -76057,6 +76122,7 @@ CVE-2021-36413 RESERVED CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) - gpac 2.0.0+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1838 NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0) @@ -82241,6 +82307,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc - ckeditor 4.16.0+dfsg-2 [buster] - ckeditor <no-dsa> (Minor issue) - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed @@ -86312,6 +86379,7 @@ CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-ov NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0) CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1) NOTE: https://github.com/gpac/gpac/issues/1575 @@ -86329,6 +86397,7 @@ CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1) CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1587 NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1) @@ -101929,6 +101998,7 @@ CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <postponed> (Fix along next DLA) - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 CVE-2021-26270 @@ -111977,6 +112047,7 @@ CVE-2021-22061 RESERVED CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...) - libspring-java <unfixed> + [buster] - libspring-java <end-of-life> (No longer supported in LTS) [stretch] - libspring-java <end-of-life> (EOL'd for stretch) NOTE: follow-up to CVE-2021-22096 NOTE: https://tanzu.vmware.com/security/cve-2021-22060 @@ -135823,6 +135894,7 @@ CVE-2020-25428 RESERVED CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1406 NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701 (v0.8.1) @@ -137217,6 +137289,7 @@ CVE-2020-24830 RESERVED CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1422 NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 @@ -140715,6 +140788,7 @@ CVE-2020-23270 RESERVED CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1482 NOTE: fixed by fixes for related bugs, no specific commit identified upstream @@ -140724,6 +140798,7 @@ CVE-2020-23268 RESERVED CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1479 NOTE: fixed by fixes for related bugs, no specific commit identified upstream @@ -140731,6 +140806,7 @@ CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_proce NOTE: https://github.com/gpac/gpac/commit/b286aa0cdc0cb781e96430c8777d38f066a2c9f9 (v0.9.0, v0.8.1) CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...) - gpac 1.0.1+dfsg1-2 + [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/47d8bc5b3ddeed6d775197ebefae7c94a45d9bf2 (v0.9.0, v0.8.1) NOTE: https://github.com/gpac/gpac/issues/1481 @@ -261233,6 +261309,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a [stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch) [jessie] - ckeditor <ignored> (Minor issue) - ckeditor3 <unfixed> (low; bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) - fckeditor <removed> CVE-2018-17959 @@ -429980,6 +430057,7 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be [wheezy] - ckeditor <not-affected> (Preview plugin not yet present) [squeeze] - ckeditor <not-affected> (Preview plugin not yet present) - ckeditor3 <unfixed> (bug #1015217) + [buster] - ckeditor3 <end-of-life> (No longer supported in LTS) [stretch] - ckeditor3 <end-of-life> (EOL'd for stretch) NOTE: https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706 (v3.6.x) NOTE: https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a (v4.4.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/233bf106ff105938cf31f3dd30eac5ca19d5197d...1af0be2a4ecdb449e7324b77b69f85f213a88a5b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/233bf106ff105938cf31f3dd30eac5ca19d5197d...1af0be2a4ecdb449e7324b77b69f85f213a88a5b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits