Bug#987280: CVE-2021-31254 CVE-2021-31255 CVE-2021-31256 CVE-2021-31257 CVE-2021-31258 CVE-2021-31259 CVE-2021-31260 CVE-2021-31261 CVE-2021-31262

2021-04-20 Thread Salvatore Bonaccorso 
Hi,

On Tue, Apr 20, 2021 at 08:55:13PM +0200, Moritz Muehlenhoff wrote:
> Package: gpac
> Version: 1.0.1+dfsg1-3
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team 
> 
> CVE-2021-31262
> https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
> https://github.com/gpac/gpac/issues/1738
> 
> CVE-2021-31261
> https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
> https://github.com/gpac/gpac/issues/1737
> 
> CVE-2021-31260
> https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
> https://github.com/gpac/gpac/issues/1736
> 
> CVE-2021-31259
> https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8
> https://github.com/gpac/gpac/issues/1735
> 
> CVE-2021-31258
> https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
> https://github.com/gpac/gpac/issues/1706
> 
> CVE-2021-31257
> https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
> https://github.com/gpac/gpac/issues/1734
> 
> CVE-2021-31256
> https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
> https://github.com/gpac/gpac/issues/1705
> 
> CVE-2021-31255
> https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
> https://github.com/gpac/gpac/issues/1733
> 
> CVE-2021-31254
> https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8
> https://github.com/gpac/gpac/issues/1703

There appeared some more gpac CVEs yesterday, should we fill those as
a separate bug? See CVE-2021-29279, CVE-2021-30014, CVE-2021-30015,
CVE-2021-30019, CVE-2021-30020, CVE-2021-30022, CVE-2021-30199
additionally.

Regards,
Salvatore

Bug#987280: CVE-2021-31254 CVE-2021-31255 CVE-2021-31256 CVE-2021-31257 CVE-2021-31258 CVE-2021-31259 CVE-2021-31260 CVE-2021-31261 CVE-2021-31262

2021-04-20 Thread Moritz Muehlenhoff 
Package: gpac
Version: 1.0.1+dfsg1-3
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

CVE-2021-31262
https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
https://github.com/gpac/gpac/issues/1738

CVE-2021-31261
https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
https://github.com/gpac/gpac/issues/1737

CVE-2021-31260
https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
https://github.com/gpac/gpac/issues/1736

CVE-2021-31259
https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8
https://github.com/gpac/gpac/issues/1735

CVE-2021-31258
https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
https://github.com/gpac/gpac/issues/1706

CVE-2021-31257
https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
https://github.com/gpac/gpac/issues/1734

CVE-2021-31256
https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
https://github.com/gpac/gpac/issues/1705

CVE-2021-31255
https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
https://github.com/gpac/gpac/issues/1733

CVE-2021-31254
https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8
https://github.com/gpac/gpac/issues/1703

Cheers,
Moritz