Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ad52e3d by Moritz Muehlenhoff at 2023-01-09T10:28:37+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3400,13 +3400,16 @@ CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd
is vulnerable to Buffer Ov
NOTE:
https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf
(v2.2.0)
CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function
void put_q ...)
- libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/367
CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer
Overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2350
NOTE:
https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25
(v2.2.0)
CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer
Overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2349
NOTE:
https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f
(v2.2.0)
CVE-2022-47652
@@ -6271,40 +6274,49 @@ CVE-2022-47096
RESERVED
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2346
NOTE:
https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c
(v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null
pointer de ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2345
NOTE:
https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937
(v2.2.0)
CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap
use-after- ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2344
NOTE:
https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e
(v2.2.0)
CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer
overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2347
NOTE:
https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a
(v2.2.0)
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
Overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2343
NOTE:
https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f
(v2.2.0)
CVE-2022-47090
RESERVED
CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
Overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2338
NOTE:
https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757
(v2.2.0)
CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
Overflow ...)
- gpac <unfixed>
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2340
NOTE:
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d
(v2.2.0)
CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in
gf_vvc_ ...)
- gpac <unfixed>
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2339
NOTE:
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d
(v2.2.0)
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation
violati ...)
- gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/2337
NOTE:
https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683
(v2.2.0)
CVE-2022-47085
@@ -8070,11 +8082,11 @@ CVE-2022-46458
CVE-2022-46457 (NASM v2.16 was discovered to contain a segmentation violation
in the c ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392809
- NOTE: Negligible security impact
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-46456 (NASM v2.16 was discovered to contain a global buffer overflow
in the c ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392814
- NOTE: Negligible security impact
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-46455
RESERVED
CVE-2022-46454
@@ -12228,6 +12240,7 @@ CVE-2022-3933 (The Essential Real Estate WordPress
plugin before 3.9.6 does not
NOT-FOR-US: WordPress plugin
CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to
9.0.68 and ...)
- tomcat9 9.0.70-1
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future
update)
- tomcat8 <removed>
NOTE:
https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
(9.0.69)
NOTE:
https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
(8.5.84)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ad52e3d4815f9fd88171f6eb0f88b62cfa5b097
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ad52e3d4815f9fd88171f6eb0f88b62cfa5b097
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
