[Git][security-tracker-team/security-tracker][master] LTS: mark CVE-2021-33362/gpac as <not-affected> for stretch and buster
Roberto C. Sánchez (@roberto)
roberto at debian.org
Sat Apr 9 17:44:06 BST 2022
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df147132 by Roberto C. Sánchez at 2022-04-09T12:43:26-04:00
LTS: mark CVE-2021-33362/gpac as <not-affected> for stretch and buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56797,13 +56797,14 @@ CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.
CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
- [buster] - gpac <ignored> (Minor issue)
- [stretch] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
- ccextractor 0.93+ds2-1 (bug #994746)
[bullseye] - ccextractor <no-dsa> (Minor issue)
[buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d (v2.0.0)
NOTE: https://github.com/gpac/gpac/issues/1780
+ NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
- gpac <unfixed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df147132a80886048ef80f909a187af341083ad6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220409/502b8da9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list