[Git][security-tracker-team/security-tracker][master] 3 gpac CVEs fixed in 1.0.1+dfsg1-2
Neil Williams (@codehelp)
codehelp at debian.org
Mon Sep 27 15:48:13 BST 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09edf278 by Neil Williams at 2021-09-27T15:47:55+01:00
3 gpac CVEs fixed in 1.0.1+dfsg1-2
CVE-2020-23269 and CVE-2020-23267 verified upstream poc against
current packages, no specific commit identified for the fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75603,13 +75603,20 @@ CVE-2020-23271
CVE-2020-23270
RESERVED
CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...)
- TODO: check
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1482
+ NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
CVE-2020-23268
RESERVED
CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...)
- TODO: check
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1479
+ NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...)
- TODO: check
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/commit/47d8bc5b3ddeed6d775197ebefae7c94a45d9bf2 (v1.0.1)
CVE-2020-23265
RESERVED
CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remot ...)
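Review bot: the entries for CVE-2020-23269 and CVE-2020-23267 record gpac 1.0.1+dfsg1-2 as the fixed version, but the only evidence in their notes is "poc tested with 1.0.1+dfsg1-4+deb11u1", with no fixing commit identified. The notes do not say whether 1.0.1+dfsg1-2 itself was tested or how it was chosen as the first fixed upload, so a later reader cannot tell a verified version from an inferred one. Consider adding a NOTE to both entries stating the basis for 1.0.1+dfsg1-2, in the way the CVE-2020-23266 entry ties its commit to v1.0.1.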
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09edf2783e77dc0ce1a066c5ff615332476128e8