[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-4520{2,4} (gpac) as end-of-life

Thu Dec 1 22:01:24 GMT 2022


Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
addabc15 by Anton Gladky at 2022-12-01T22:44:19+01:00
Mark CVE-2022-4520{2,4} (gpac) as end-of-life

- - - - -
bf924387 by Anton Gladky at 2022-12-01T23:00:50+01:00
LTS: add vlc to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3400,6 +3400,7 @@ CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vuln
 	NOT-FOR-US: Jeecg-boot
 CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2307
 	NOTE: Introduced by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f
@@ -3408,6 +3409,7 @@ CVE-2022-45203
 	RESERVED
 CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
 	- gpac <unfixed>
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2296
 	NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da


=====================================
data/dla-needed.txt
=====================================
@@ -349,6 +349,12 @@ vim
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
+vlc
+  NOTE: 20221201: Programming language: C.
+  NOTE: 20221201: VCS: https://salsa.debian.org/lts-team/packages/vlc.git
+  NOTE: 20221201: Please try to find a real patch for CVE-2022-41325 (gladk).
+  NOTE: 20221201: Backporting of a new version would be not the best idea. (gladk).
+--
 xdg-utils
   NOTE: 20221120: Programming language: C.
   NOTE: 20221120: no real fix yet



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58a84f5ccca8fdf907d2ec4a6de0882a14033c9f...bf92438714cc73a1ee0a63b7ac891069f0b7181d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58a84f5ccca8fdf907d2ec4a6de0882a14033c9f...bf92438714cc73a1ee0a63b7ac891069f0b7181d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221201/6ac5040c/attachment-0001.htm>
