Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abd42ec2 by Ola Lundqvist at 2023-06-19T07:17:24+02:00
Added trafficserver to dla-needed with a note about low prio due to few users.
- - - - -
c6fd8a48 by Ola Lundqvist at 2023-06-19T07:17:24+02:00
Marked a number of no-dsa entries for gpac in buster as end-of-life instead.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -69862,7 +69862,7 @@ CVE-2022-36127 (A vulnerability in Apache SkyWalking
NodeJS Agent prior to 0.5.1
CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac
prior to ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1015788)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
NOTE:
https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.)
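Review bot: The trailing context line for CVE-2022-2453 is another gpac entry whose [buster] status is not touched by this change. Please check that it, and any other buster gpac entries that carry a state other than <no-dsa> (for example <postponed>, or no annotation at all), are also moved to <end-of-life>, so the tracker does not end up showing gpac as partly supported in buster.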
@@ -88632,7 +88632,7 @@ CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by
Improper Access Control i
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0
has a hea ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2173
NOTE: Fixed by:
https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
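Review bot: Style point on the added [buster] line for CVE-2022-29537: it reads "(No longer supported in LTS; Minor issue)" while the [stretch] line directly below it uses "(No longer supported in LTS)" alone. If the earlier triage is being kept on purpose, that is fine; otherwise dropping "; Minor issue" would make the end-of-life annotations for the two releases match, here and in the other hunks that use the same replacement.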
@@ -96271,7 +96271,7 @@ CVE-2022-26968
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in
gf_base64_encode. It c ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1007224)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2138
NOTE:
https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0
@@ -111818,7 +111818,7 @@ CVE-2021-46052 (A Denial of Service vulnerability
exists in Binaryen 104 due to
CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via
the Media ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2011
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
@@ -111829,7 +111829,7 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists
in Binaryen 103 via the pr
CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via
the gf_fi ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2013
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
@@ -111840,70 +111840,70 @@ CVE-2021-46048 (A Denial of Service vulnerability
exists in Binaryen 104 due to
CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via
the gf_hi ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2008
NOTE:
https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd
(v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the
gf_isom_box_si ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2005
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause
a denial ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2007
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via
ShiftMetaOf ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2006
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the
gf_list ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2001
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via
the _fsee ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via
the co64_b ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via
the finpla ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via
the shift_ ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in
unlink_chu ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE:
https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
(v2.0.0)
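Review bot: Missing rationale for a bulk edit: this hunk applies the identical replacement to ten entries (CVE-2021-46047 down to CVE-2021-46038), and the commit message says only "a number of no-dsa entries". Suggest stating in the commit message where gpac's end-of-life status for buster is recorded, so the per-CVE annotations can be checked against a single source rather than one by one.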
@@ -112967,7 +112967,7 @@ CVE-2021-45768
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address
derefer ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1982
NOTE:
https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde
(v2.0.0)
@@ -112978,21 +112978,21 @@ CVE-2021-45765
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory
address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE:
https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb
(v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the
function ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE:
https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec
(v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory
address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1978
NOTE:
https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788
(v2.0.0)
@@ -113001,7 +113001,7 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain
an invalid memory address
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory
address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1966
NOTE:
https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea
(v2.0.0)
@@ -114640,7 +114640,7 @@ CVE-2021-45298
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in
gf_get_bit_size ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1973
NOTE:
https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770
(v2.0.0)
=====================================
data/dla-needed.txt
=====================================
@@ -221,6 +221,10 @@ samba (Lee Garrett)
syncthing
NOTE: 20230616: Added by Front-Desk (opal)
--
+trafficserver
+ NOTE: 20230618: Added by Front-Desk (opal)
+ NOTE: 20230618: Low prio due to the few number of users.
+--
webkit2gtk (Emilio)
NOTE: 20230512: Re-added (pochu)
NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll
have to EOL webkit (pochu)
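Review bot: The second NOTE in the added trafficserver block, "Low prio due to the few number of users.", gives no source for the usage claim and lists no CVE ids, so whoever claims the package cannot see what is open or verify the priority. Suggest listing the pending CVEs or citing the figure behind the claim (popcon, for instance), and rewording to "Low prio due to the low number of users."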
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d0ae311f69c76f1ed243b5eaf0215490af46108c...c6fd8a485560b9827c2fb484f736d3e1dde9fcf6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits