Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d46c624 by Salvatore Bonaccorso at 2022-09-12T22:17:49+02:00
Add CVE-2022-3178 (and update CVE-2022-30976 notes)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -215,7 +215,10 @@ CVE-2022-3180
CVE-2022-3179
RESERVED
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to
2.1.0-DEV. ...)
- TODO: check
+ - gpac <not-affected> (Fix for CVE-2022-30976 not applied)
+ NOTE: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
+ NOTE:
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
+ NOTE: Introduced by the fix for CVE-2022-30976.
CVE-2022-3177
RESERVED
CVE-2022-3176
@@ -25163,6 +25166,9 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode
utf8_wcslen (renamed gf_utf
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2179
NOTE:
https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
+ NOTE: When fixing this issue make sure to as well apply (cf.
CVE-2022-3178)
+ NOTE:
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
+ NOTE: to not open that issue.
CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has
a NULL p ...)
- mujs 1.2.0-3
[bullseye] - mujs <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d46c624c48b2ba6b3d9e2a142da9396e476ada3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d46c624c48b2ba6b3d9e2a142da9396e476ada3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
