[Git][security-tracker-team/security-tracker][master] new gpac issues
Moritz Muehlenhoff
jmm at debian.org
Thu Apr 2 18:33:42 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f762fa4a by Moritz Muehlenhoff at 2020-04-02T19:33:16+02:00
new gpac issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1267,15 +1267,36 @@ CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute
CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
+ NOTE: https://github.com/gpac/gpac/issues/1264
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
+ NOTE: https://github.com/gpac/gpac/issues/1269
CVE-2020-10880
RESERVED
CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
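Review bot: The five gpac entries (CVE-2019-20628 through CVE-2019-20632) are set to `- gpac <unfixed>` with no bug reference, although each description says "GPAC before 0.8.0" and each entry cites an upstream fix commit. If the version in unstable already contains those commits, record the fixed version instead of `<unfixed>`; otherwise add a `(bug #...)` reference so the open state is tracked. Four of the entries cite the same commit 1ab4860609f2e7a35634930571e7d0531297e090 against four different upstream issues (1268, 1269, 1270, 1271), so it is worth confirming that this one commit really covers each of them.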
@@ -53572,9 +53593,9 @@ CVE-2019-10809
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...)
NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
- TODO: check
+ NOT-FOR-US: Node vega-util
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...)
NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...)
@@ -58317,9 +58338,9 @@ CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a4
- linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
{DSA-4465-1 DLA-1824-1}
- linux 4.19.37-4
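Review bot: The tag `NOT-FOR-US: Broadcom` on CVE-2019-9502 and CVE-2019-9501 names only the vendor, while the neighbouring CVE-2019-9503 and CVE-2019-9500 are Broadcom issues too and are tracked under `linux`. The descriptions say the affected component is the Broadcom wl WiFi driver, so a tag such as `NOT-FOR-US: Broadcom wl WiFi driver` would make clear why these two are triaged differently from the brcmfmac entries. It is also worth confirming that no package in the archive ships the wl driver before closing them as NOT-FOR-US.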
@@ -58404,9 +58425,9 @@ CVE-2019-9476
CVE-2019-9475
RESERVED
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due ...)
NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds ...)
@@ -59160,7 +59181,7 @@ CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows att
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
NOT-FOR-US: Nagios XI
CVE-2019-9163 (The connection initiation process in March Networks Command Client bef ...)
- TODO: check
+ NOT-FOR-US: March Networks
CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
@@ -72856,7 +72877,7 @@ CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vul
CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the packagin ...)
NOT-FOR-US: SAP
CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
- TODO: check
+ NOT-FOR-US: SuSE packaging of munin
CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...)
TODO: check
CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
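Review bot: CVE-2019-3694 is closed as `NOT-FOR-US: SuSE packaging of munin`, but the software named is munin, and the issue is only in how another distribution packages it. The CVE-2019-3688 entry further down handles the same situation for squid with `- squid <not-affected> (...)` plus a reason; if munin is packaged in Debian, that form would be more accurate here and keeps the CVE visible on the package's tracker page. The entry directly below, CVE-2019-3693 (mailman packaging in SUSE), is the same class of issue and is still `TODO: check`, so the two could be resolved together.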
@@ -72875,7 +72896,7 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent
- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
- openqa <itp> (bug #840253)
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
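Review bot: `NOT-FOR-US: SuSE` on CVE-2019-3687 names only the distributor, whereas the description says the affected component is the permission package in SUSE Linux Enterprise Server. Naming the component, in the same style as `SuSE packaging of munin` used for CVE-2019-3694 in this commit, would make the entry searchable and consistent. The descriptions spell the vendor "SUSE"; the tags use "SuSE".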
@@ -78151,7 +78172,7 @@ CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there i
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
NOT-FOR-US: Android
CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...)
{DLA-2114-1 DLA-2068-1}
- linux 4.15.4-1
@@ -78449,9 +78470,9 @@ CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManage
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...)
NOT-FOR-US: Android
CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
@@ -78511,7 +78532,7 @@ CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missi
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2057
RESERVED
CVE-2019-2056
@@ -80639,7 +80660,7 @@ CVE-2018-19660 (An exploitable authenticated command-injection vulnerability exi
CVE-2018-19659 (An exploitable authenticated command-injection vulnerability exists in ...)
NOT-FOR-US: Moxa
CVE-2018-19658 (The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This ...)
- TODO: check
+ NOT-FOR-US: YXBJ
CVE-2018-19657
RESERVED
CVE-2018-19656
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f762fa4a8699e21c4f913e3640a551498616f2ea