[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 6 08:41:41 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99ed24cb by Moritz Muehlenhoff at 2021-07-06T09:41:28+02:00
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11391,14 +11391,17 @@ CVE-2021-31263
 	RESERVED
 CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
 	NOTE: https://github.com/gpac/gpac/issues/1738
 CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...)
-	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	- gpac 1.0.1+dfsg1-4 (unimportant; bug #987280)
 	NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
 	NOTE: https://github.com/gpac/gpac/issues/1737
+	NOTE: Negligible security impact
 CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
 	NOTE: https://github.com/gpac/gpac/issues/1736
 CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
@@ -11408,18 +11411,22 @@ CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.
 	NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
 CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
 	NOTE: https://github.com/gpac/gpac/issues/1706
 CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
 	NOTE: https://github.com/gpac/gpac/issues/1734
 CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...)
-	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	- gpac 1.0.1+dfsg1-4 (bug #987280; unimportant)
 	NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
 	NOTE: https://github.com/gpac/gpac/issues/1705
+	NOTE: Negligible security impact
 CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1  ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987280)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
 	NOTE: https://github.com/gpac/gpac/issues/1733
 CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1  ...)
@@ -13870,6 +13877,7 @@ CVE-2021-30200
 	RESERVED
 CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987323)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca
 	NOTE: https://github.com/gpac/gpac/issues/1728
 CVE-2021-30198
@@ -14393,16 +14401,19 @@ CVE-2021-30023
 	RESERVED
 CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987323)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
 	NOTE: https://github.com/gpac/gpac/issues/1720
 CVE-2021-30021
 	RESERVED
 CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987323)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
 	NOTE: https://github.com/gpac/gpac/issues/1722
 CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987323)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc
 	NOTE: https://github.com/gpac/gpac/issues/1723
 CVE-2021-30018
@@ -14413,6 +14424,7 @@ CVE-2021-30016
 	RESERVED
 CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987323)
+	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec
 	NOTE: https://github.com/gpac/gpac/issues/1719
 CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ed24cb7d712ecff548f02fe60044be90a5ab14

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99ed24cb7d712ecff548f02fe60044be90a5ab14
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210706/a454a322/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list