[Git][security-tracker-team/security-tracker][master] gpac security fixes in experimental

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 25 15:01:46 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
939390e8 by Moritz Muehlenhoff at 2022-02-25T16:01:14+01:00
gpac security fixes in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17503,12 +17503,13 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie
 	- openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openssl.org/news/secadv/20211214.txt
 CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
 	NOTE: https://github.com/gpac/gpac/issues/2092
-	NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db
+	NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db (v2.0.0)
 CVE-2021-4042
 	RESERVED
 CVE-2021-4041 [Improper shell escaping in ansible-runner]
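Review bot: on the CVE-2021-4043 NOTE line, the new "(v2.0.0)" tag sits next to a description that reads "prior to 1.1.0", so the entry now carries two different upstream version markers for the same fix. A short extra NOTE stating which upstream release first contains commit 64a2e1b799352ac7d7aad1989bc06e7b0f2b01db would save the next person triaging the [bullseye] and [buster] lines from rechecking it.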
@@ -41247,23 +41248,26 @@ CVE-2021-36419
 CVE-2021-36418
 	RESERVED
 CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1846
-	NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30
+	NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 (v2.0.0)
 CVE-2021-36416
 	RESERVED
 CVE-2021-36415
 	RESERVED
 CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1840
-	NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21
+	NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 (v2.0.0)
 CVE-2021-36413
 	RESERVED
 CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1838
-	NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
+	NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0)
 CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
 	- libde265 <unfixed>
 	[bullseye] - libde265 <no-dsa> (Minor issue)
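Review bot: CVE-2021-36417, CVE-2021-36414 and CVE-2021-36412 gain an [experimental] line but still carry only "- gpac <unfixed>", with no [bullseye] or [buster] line, unlike the CVE-2021-4043 entry in the previous hunk. Now that the fixing commits are pinned to v2.0.0, consider adding the per-suite triage with a reason in the same change so the status for the stable releases is stated explicitly.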
@@ -48551,6 +48555,7 @@ CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.
 	NOTE: https://github.com/gpac/gpac/issues/1786
 	NOTE: Negligible security impact
 CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
@@ -48558,7 +48563,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <no-dsa> (Minor issue)
 	[buster] - ccextractor <no-dsa> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
+	NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1780
 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
 	- gpac <unfixed> (unimportant)
@@ -50956,6 +50961,7 @@ CVE-2021-32442
 CVE-2021-32441
 	RESERVED
 CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
@@ -50963,26 +50969,29 @@ CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <no-dsa> (Minor issue)
 	[buster] - ccextractor <no-dsa> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
+	NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1772
 CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
-	NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae
+	NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1774
 CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	[stretch] - gpac <not-affected> (Vulnerable code not present)
-	NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868
+	NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868 (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1769
 CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <ignored> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e
+	NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1770
 CVE-2021-32436
 	RESERVED
@@ -51626,6 +51635,7 @@ CVE-2021-32141
 CVE-2021-32140
 	RESERVED
 CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
@@ -51633,16 +51643,18 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
 	[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
+	NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1768
 CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <ignored> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
+	NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1767
 CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in  ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
@@ -51650,23 +51662,26 @@ CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4B
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <no-dsa> (Minor issue)
 	[buster] - ccextractor <no-dsa> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
+	NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1766
 CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <ignored> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
+	NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1765
 CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	[stretch] - gpac <not-affected> (Vulnerable code not present)
-	NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8
+	NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8 (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1757
 CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause  ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
@@ -51674,16 +51689,17 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
 	[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
+	NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1756
 CVE-2021-32133
 	RESERVED
 CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	[stretch] - gpac <not-affected> (Vulnerable code not present)
-	NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23
+	NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23 (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1753
 CVE-2021-32131
 	RESERVED
@@ -78765,6 +78781,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
 	NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
 	NOTE: https://github.com/gpac/gpac/issues/1659
 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
+	[experimental] - gpac 2.0.0+dfsg1-1
 	- gpac <unfixed> (bug #987374; bug #990691)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
@@ -78772,7 +78789,7 @@ CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
 	- ccextractor 0.93+ds2-1 (bug #994746)
 	[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
 	[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
+	NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a (v2.0.0)
 	NOTE: https://github.com/gpac/gpac/issues/1661
 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
 	- gpac 1.0.1+dfsg1-4 (bug #987374)
@@ -100687,9 +100704,9 @@ CVE-2020-25429
 CVE-2020-25428
 	RESERVED
 CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
-	- gpac <unfixed>
+	- gpac 1.0.1+dfsg1-2
 	NOTE: https://github.com/gpac/gpac/issues/1406
-	NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
+	NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701 (v0.8.1)
 CVE-2020-25426
 	RESERVED
 CVE-2020-25425
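Review bot: the CVE-2020-25427 change replaces "- gpac <unfixed>" with "- gpac 1.0.1+dfsg1-2", which is an unstable fixed version rather than an [experimental] entry, so it falls outside what the commit message "gpac security fixes in experimental" describes. The NOTE also tags the fix as upstream v0.8.1, and nothing in the hunk says why 1.0.1+dfsg1-2 is the first fixed Debian version; either split this into its own commit or add a NOTE recording how that version was determined.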



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/939390e8581cc541e311abfe6adf8c2afc78ae19
