[Git][security-tracker-team/security-tracker][master] 2 commits: Add new round of Debian bug references for gpac issues

Salvatore Bonaccorso carnil at debian.org
Thu Apr 22 19:00:50 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48a5dcdf by Salvatore Bonaccorso at 2021-04-22T19:58:37+02:00
Add new round of Debian bug references for gpac issues

It looks there is again a round of fuzzing/testing of gpac recently,
resulting in many CVEs. Pending evaluation if they are severe enough for
a stable update.

- - - - -
3aaca044 by Salvatore Bonaccorso at 2021-04-22T20:00:29+02:00
Indent one note with tabs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23196,19 +23196,19 @@ CVE-2020-35984
 CVE-2020-35983
 	RESERVED
 CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
 	NOTE: https://github.com/gpac/gpac/issues/1660
 CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
 	NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
 	NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc
 	NOTE: https://github.com/gpac/gpac/issues/1662
 CVE-2020-35978
@@ -47905,22 +47905,22 @@ CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user
 CVE-2020-23933
 	REJECTED
 CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer dereferen ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784
 	NOTE: https://github.com/gpac/gpac/issues/1566
 CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1
 	NOTE: https://github.com/gpac/gpac/issues/1564
 	NOTE: https://github.com/gpac/gpac/issues/1567
 CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349
 	NOTE: https://github.com/gpac/gpac/issues/1565
 CVE-2020-23929
 	RESERVED
 CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #987374)
 	NOTE: https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3
 	NOTE: https://github.com/gpac/gpac/issues/1568
 	NOTE: https://github.com/gpac/gpac/issues/1569
@@ -215376,7 +215376,7 @@ CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x p
 	[jessie] - libspring-java <not-affected> (Vulnerable code introduced later)
 	NOTE: https://pivotal.io/security/cve-2018-1257
 	NOTE: websocket introduced in v4 https://github.com/spring-projects/spring-framework/commit/4e67f809fbc1957e40fc787686b63254eaa8d7fa
-       NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable)
+	NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable)
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
 	NOT-FOR-US: Spring Cloud SSO Connector
 CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/586dbdae1d20e920aded1b0720cc9703d332f7b6...3aaca044a6d0db03ff4933f55cf874325ca8e188

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/586dbdae1d20e920aded1b0720cc9703d332f7b6...3aaca044a6d0db03ff4933f55cf874325ca8e188
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210422/2c769f4c/attachment.htm>

More information about the debian-security-tracker-commits mailing list