[Git][security-tracker-team/security-tracker][master] Update 3 ccextractor CVEs for older embedded gpac
Neil Williams (@codehelp)
codehelp at debian.org
Tue Sep 21 14:45:20 BST 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4133168 by Neil Williams at 2021-09-21T14:44:59+01:00
Update 3 ccextractor CVEs for older embedded gpac
buster and bullseye ccextractor contain an embedded gpac 0.7.1
These CVEs rely on changes between that version and the gpac
version in unstable. gpac itself in buster and bullseye is 0.5.2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21823,8 +21823,8 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
- [bullseye] - ccextractor <no-dsa> (Minor issue)
- [buster] - ccextractor <no-dsa> (Minor issue)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
NOTE: https://github.com/gpac/gpac/issues/1768
CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
@@ -21860,8 +21860,8 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
- [bullseye] - ccextractor <no-dsa> (Minor issue)
- [buster] - ccextractor <no-dsa> (Minor issue)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
NOTE: https://github.com/gpac/gpac/issues/1756
CVE-2021-32133
@@ -48428,8 +48428,8 @@ CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
- ccextractor 0.93+ds2-1 (bug #994746)
- [bullseye] - ccextractor <no-dsa> (Minor issue)
- [buster] - ccextractor <no-dsa> (Minor issue)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
NOTE: https://github.com/gpac/gpac/issues/1661
CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4133168614738d79de72b61f0a80bd4be519528
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4133168614738d79de72b61f0a80bd4be519528
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210921/826558ac/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list