Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 

3fc82273 by Salvatore Bonaccorso at 2018-03-07T21:03:30+01:00
Add CVE-2018-1000100/gpac

gpac is not affected by the buffer overflow flaw in
src/isomedia/avc_ext.c, which is associated with CVE-2018-1000100.
Interestingly the fixing commit for

which is

addresses as well another buffer overflow flaw in
src/media_tools/av_parsers.c which is not covered by the CVE description.
The second one is

Asked MITRE for clarification if another CVE has to be assigned or we
can cover both issues with this CVE.

- - - - -

1 changed file:

- data/CVE/list


--- a/data/CVE/list
+++ b/data/CVE/list
@@ -75,7 +75,9 @@ CVE-2018-7720 (A cross-site request forgery (CSRF) 
vulnerability exists in Weste
 CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer 
Overflow ...)
-       TODO: check
+       - gpac <not-affected> (Vulnerable code not present)
+       NOTE:
+       NOTE:
 CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows 
local ...)
        - bash-completion <unfixed> (unimportant)
        - util-linux 2.31.1-0.5 (bug #892179)
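
Review bot: the two added `NOTE:` lines under CVE-2018-1000100 carry no text as shown, so the entry records `<not-affected> (Vulnerable code not present)` without the references the commit message relies on. That verdict is justified in the commit message only for the overflow in src/isomedia/avc_ext.c; the status of gpac for the second overflow in src/media_tools/av_parsers.c is not stated anywhere in the entry. Suggest the notes name the fixing commit and say that it also touches src/media_tools/av_parsers.c, with the CVE scope pending clarification from MITRE, so the `<not-affected>` line gets revisited if both issues end up covered by this CVE.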

Secure-testing-commits mailing list
