[Git][security-tracker-team/security-tracker][master] 4 commits: Add upstream tag information for CVE-2020-19488

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 8 08:13:45 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0aa127b1 by Salvatore Bonaccorso at 2022-01-08T09:11:04+01:00
Add upstream tag information for CVE-2020-19488

- - - - -
81e5498d by Salvatore Bonaccorso at 2022-01-08T09:11:05+01:00
Add upstream tag information for CVE-2020-19481

- - - - -
bfd531ad by Salvatore Bonaccorso at 2022-01-08T09:11:06+01:00
Slightly reorder notes for CVE-2020-11558

Though might need to be rechecked as the issue was found in upstream
issue affecting 0.8.0 apparently.

- - - - -
9fcffc6a by Salvatore Bonaccorso at 2022-01-08T09:13:07+01:00
Add upstream tag information for CVE-2019-20629

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101839,9 +101839,9 @@ CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0
 	- gpac 1.0.1+dfsg1-2
 	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
-	NOTE: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09
 	NOTE: https://github.com/gpac/gpac/issues/1263
-	NOTE: Introduced by https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf
+	NOTE: Introduced by: https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf (v0.8.0)
+	NOTE: Fixed by: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 (v0.9.0-preview)
 CVE-2020-19487
 	RESERVED
 CVE-2020-19486
@@ -101858,11 +101858,11 @@ CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by
 	- gpac 1.0.1+dfsg1-2
 	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
-	NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
 	NOTE: https://github.com/gpac/gpac/issues/1265
 	NOTE: https://github.com/gpac/gpac/issues/1266
 	NOTE: https://github.com/gpac/gpac/issues/1267
-	NOTE: Introduced by https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88
+	NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+	NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
 CVE-2020-19480
 	RESERVED
 CVE-2020-19479
@@ -122737,9 +122737,10 @@ CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstra
 	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
-	NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
 	NOTE: https://github.com/gpac/gpac/issues/1440
-	NOTE: Introduced by https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649
+	NOTE: Introduced by: https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 (v0.9.0-preview)
+	NOTE: and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649 (v0.9.0-preview)
+	NOTE: Fixed by: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c (v0.9.0-preview~20)
 CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
 	NOT-FOR-US: Castle Rock SNMPc
 CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
@@ -124568,9 +124569,9 @@ CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de
 	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[jessie] - gpac <ignored> (Minor issue)
-	NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
 	NOTE: https://github.com/gpac/gpac/issues/1264
-	NOTE: Introduced by https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88
+	NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+	NOTE: Fixed by: qhttps://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
 CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
 	- gpac 1.0.1+dfsg1-2 (bug #972053)
 	[buster] - gpac <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/44c381b1ad5fc5da9876dcb8e75d3022e4188330...9fcffc6a68db62f2dff094c70bbbf6f929e8ed4a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/44c381b1ad5fc5da9876dcb8e75d3022e4188330...9fcffc6a68db62f2dff094c70bbbf6f929e8ed4a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220108/d676e25b/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list