[Git][security-tracker-team/security-tracker][master] Add new gpac issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 14 21:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4a1003a by Salvatore Bonaccorso at 2022-03-14T22:09:53+01:00
Add new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6887,15 +6887,28 @@ CVE-2022-24580
 CVE-2022-24579
 	RESERVED
 CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
-	TODO: check
+	- gpac 2.0.0+dfsg1-2
+	NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
+	NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0)
 CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
-	TODO: check
+	- gpac 2.0.0+dfsg1-2
+	NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/
+	NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0)
 CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box. ...)
-	TODO: check
+	- gpac 2.0.0+dfsg1-2
+	NOTE: https://github.com/gpac/gpac/issues/2061
+	NOTE: https://huntr.dev/bounties/011ac07c-6139-4f43-b745-424143e60ac7/
+	NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0)
 CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...)
-	TODO: check
+	- gpac 2.0.0+dfsg1-2
+	NOTE: https://github.com/gpac/gpac/issues/2058
+	NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/
+	NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0)
 CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
-	TODO: check
+	- gpac 2.0.0+dfsg1-2
+	NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/
+	NOTE: https://github.com/gpac/gpac/issues/2055
+	NOTE: https://github.com/gpac/gpac/commit/9f8510835b97a729baf3646a3171bf51b4a8592e (v2.0.0)
 CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin interfa ...)
 	NOT-FOR-US: Element-IT
 CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...)
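Review bot: The NOTE order in the CVE-2022-24574 entry is inconsistent with the entries just above it. There the huntr.dev bounty link comes before the upstream issue link (https://github.com/gpac/gpac/issues/2055), while CVE-2022-24576 and CVE-2022-24575 list the GitHub issue first, then the bounty, then the fixing commit. Suggest swapping the first two NOTE lines of CVE-2022-24574 so every gpac entry in this hunk reads issue, bounty, commit. That keeps the list easier to scan and to grep.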



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4a1003a9fe0db6de560948b85c1c3c2a099c274
