Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d0eae82 by Salvatore Bonaccorso at 2023-09-13T21:02:45+02:00
Track unfixed gpac issues as fallout from #1033116
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33535,7 +33535,7 @@ CVE-2023-0771 (SQL Injection in GitHub repository
ampache/ampache prior to 5.5.7
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac
prior to 2. ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE:
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
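Review bot: the commit subject names only #1033116, while the changed line for CVE-2023-0770 adds bug #1051866, so a search of the log for the new bug number will not find this commit. Mentioning #1051866 in the commit message, for example "Track unfixed gpac issues as fallout from #1033116 in #1051866", would tie the two together.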
@@ -33625,7 +33625,7 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance
Management WordPress plug
NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to V2. ...)
{DSA-5452-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE:
https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
@@ -39095,7 +39095,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin
before 1.3.4 does not valid
CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a
nullptr-deref.)
NOT-FOR-US: Zephyr
CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to
2.3.0-DEV.)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
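Review bot: the CVE-2023-0358 entry shows only the huntr.dev bounty NOTE in the context after the changed line, with no upstream commit NOTE of the kind several other gpac entries in this patch carry. If no such NOTE follows below the hunk, adding the fixing commit would let whoever handles bug #1051866 confirm what the unstable upload needs to include.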
@@ -40845,17 +40845,17 @@ CVE-2023-23146
RESERVED
CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to
contain a me ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE:
https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
CVE-2023-23144 (Integer overflow vulnerability in function
Q_DecCoordOnUnitSphere file ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE:
https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in
file medi ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE:
https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
CVE-2023-23142
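Review bot: the three changed lines here (CVE-2023-23145, CVE-2023-23144, CVE-2023-23143) keep bug #1033116 next to the new bug #1051866 without saying which of the two now tracks the remaining work. Since the commit subject calls these entries fallout from #1033116, a sentence in the commit body stating how the two bugs relate would spare readers a lookup in the BTS.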
@@ -51405,7 +51405,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered
in X.509 certificate verif
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc
(openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found
in GPA ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2333
NOTE:
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
@@ -54348,7 +54348,7 @@ CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to
contain a hea ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2315
NOTE:
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -54473,7 +54473,7 @@ CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow
in the s ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2295
NOTE:
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
@@ -54642,7 +54642,7 @@ CVE-2022-45203
RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to
contain a sta ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
@@ -63400,25 +63400,25 @@ CVE-2022-43047
CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain
a cross ...)
NOT-FOR-US: Food Ordering Management System
CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2277
NOTE:
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2282
NOTE:
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2276
NOTE:
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a heap ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2278
@@ -63426,13 +63426,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master
was discovered to contain
CVE-2022-43041
RESERVED
CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a heap ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2280
NOTE:
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e
CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to
contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2281
@@ -69862,7 +69862,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in
GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to
2.1.0-D ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE:
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d0eae8247b27e9f466e14db003061a5571a9d4a