[Git][security-tracker-team/security-tracker][master] Mark ccextractor issues as no-dsa

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 20 18:15:02 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9f6280d by Salvatore Bonaccorso at 2021-09-20T19:14:04+02:00
Mark ccextractor issues as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18739,6 +18739,8 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
 	NOTE: https://github.com/gpac/gpac/issues/1780
 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
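Review bot: The two added lines under CVE-2021-33362 tag ccextractor as <no-dsa> while gpac in the same releases is <ignored>, so the two entries record different triage outcomes for the same code. If the embedded copy will not be fixed in bullseye or buster either, <ignored> would match. If a point-release fix is still intended, the commit message should say so, since "Minor issue" alone gives no rationale. The same applies to the other entries where gpac carries <ignored>.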
@@ -21067,6 +21069,8 @@ CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <ignored> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
 	NOTE: https://github.com/gpac/gpac/issues/1772
 CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
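Review bot: Under CVE-2021-32440 only [bullseye] and [buster] lines are added for ccextractor, although gpac has a [stretch] line in the same entry. Worth confirming that ccextractor is not shipped in stretch; if it is, that release stays at the plain <unfixed> state with no triage recorded.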
@@ -21690,6 +21694,8 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
 	NOTE: https://github.com/gpac/gpac/issues/1768
 CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
@@ -21703,6 +21709,8 @@ CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4B
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
 	NOTE: https://github.com/gpac/gpac/issues/1766
 CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
@@ -21723,6 +21731,8 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
 	NOTE: https://github.com/gpac/gpac/issues/1756
 CVE-2021-32133
@@ -24149,6 +24159,8 @@ CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
 	NOTE: https://github.com/gpac/gpac/issues/1736
 CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
@@ -24161,6 +24173,8 @@ CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows att
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
 	NOTE: https://github.com/gpac/gpac/issues/1706
 CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
@@ -27381,6 +27395,8 @@ CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the h
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
 	NOTE: https://github.com/gpac/gpac/issues/1721
 CVE-2021-30013
@@ -31625,6 +31641,8 @@ CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "Mer
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1702
 	NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca
 CVE-2021-28299
@@ -46993,6 +47011,8 @@ CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist with
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	[stretch] - gpac <not-affected> (Vulnerable code not present)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
 	NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
 	NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315
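Review bot: For CVE-2021-21852 the context lines mark gpac in buster and stretch as <not-affected> (Vulnerable code not present), yet the added lines assume ccextractor in buster is affected and only defer the fix. Please check whether the gpac copy embedded in buster's ccextractor contains the vulnerable code; if it does not, "[buster] - ccextractor <not-affected> (Vulnerable code not present)" is the accurate tag rather than <no-dsa>.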
@@ -48256,6 +48276,8 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
 	NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
@@ -48264,6 +48286,8 @@ CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
 	NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
@@ -71315,6 +71339,8 @@ CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Bo
 	NOTE: https://github.com/gpac/gpac/issues/1422
 	NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 CVE-2020-24828
 	RESERVED
 CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
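Review bot: In the CVE-2020-24829 entry the ccextractor package line and the two added release lines sit after the NOTE lines, whereas every other entry touched by this commit has them before the NOTEs. Consider moving the three ccextractor lines above the NOTE block while this entry is being edited, so the package lines stay grouped together.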
@@ -82137,6 +82163,8 @@ CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <not-affected> (Vulnerable code introduced later)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1272
 	NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20)
 CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
@@ -116282,6 +116310,8 @@ CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL po
 	[stretch] - gpac <no-dsa> (Minor issue)
 	[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1378
 	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
 	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
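Review bot: The added "(Minor issue)" reason under CVE-2020-6631 is less specific than the surrounding context, which records for jessie "clean crash, MP42TS not shipped, incomplete patch" and notes that the upstream fix introduces an abort(3)-based DoS. If the same reasoning is why ccextractor is deferred, carrying it into the ccextractor lines (or adding a NOTE on whether the affected path is built into the embedded copy) would make the triage decision reviewable later.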
@@ -116291,6 +116321,8 @@ CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL po
 	[stretch] - gpac <no-dsa> (Minor issue)
 	[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1377
 	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
 	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
@@ -120318,6 +120350,8 @@ CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1348
 	NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)
 CVE-2019-20207
@@ -120592,6 +120626,8 @@ CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1337
 	NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
 	NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
@@ -120601,6 +120637,8 @@ CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1328
 	NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
 CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -120646,6 +120684,8 @@ CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1327
 	NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -120654,6 +120694,8 @@ CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1320
 	NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
 CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -141955,6 +141997,8 @@ CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1179
 	NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f
 CVE-2019-16342
@@ -150969,6 +151013,8 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1250
 	NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
 CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
@@ -155070,6 +155116,8 @@ CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buf
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
@@ -155078,6 +155126,8 @@ CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
@@ -155086,6 +155136,8 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	- ccextractor <unfixed> (bug #994746)
+	[bullseye] - ccextractor <no-dsa> (Minor issue)
+	[buster] - ccextractor <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1249
 	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
 CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f6280d10a4387fe8c05b0f1731d3ee8947e91d
