Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3fc82273 by Salvatore Bonaccorso at 2018-03-07T21:03:30+01:00
Add CVE-2018-1000100/gpac

gpac is not affected by the buffer overflow flaw in
src/isomedia/avc_ext.c , which is associated with CVE-2018-1000100 .
Interestingly the fixing commit for

https://github.com/gpac/gpac/issues/994

which is

https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4

adresses as well another buffer overflow flaw in
src/media_tools/av_parsers.c wich is not covere by the CVE description.
The second one is

https://github.com/gpac/gpac/issues/997

Asked MITRE for clarification if another CVE has to be assigned or we
can cover both issues with this CVE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -75,7 +75,9 @@ CVE-2018-7720 (A cross-site request forgery (CSRF) 
vulnerability exists in Weste
 CVE-2018-7719
        RESERVED
 CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer 
Overflow ...)
-       TODO: check
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE: https://github.com/gpac/gpac/issues/994
+       NOTE: 
https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
 CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows 
local ...)
        - bash-completion <unfixed> (unimportant)
        - util-linux 2.31.1-0.5 (bug #892179)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fc82273ac5f1b1192333103021c07daaa21efd0

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fc82273ac5f1b1192333103021c07daaa21efd0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to