[Git][security-tracker-team/security-tracker][master] Marked 43 CVEs (some from 2020, some from 2021 and some from 2022) as...
Ola Lundqvist (@opal)
opal at debian.org
Fri May 20 23:11:30 BST 2022
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41628ef6 by Ola Lundqvist at 2022-05-21T00:10:47+02:00
Marked 43 CVEs (some from 2020, some from 2021 and some from 2022) as end-of-life in stretch for gpac.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -588,6 +588,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ..
NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
- gpac <unfixed>
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
CVE-2022-1794
@@ -632,6 +633,7 @@ CVE-2022-1776
RESERVED
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- gpac <unfixed>
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2179
NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
@@ -4586,6 +4588,7 @@ CVE-2022-29593
RESERVED
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
- gpac <unfixed>
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2175
NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_r ...)
@@ -4772,6 +4775,7 @@ CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2173
NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...)
@@ -5299,12 +5303,14 @@ CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereferen
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
NOTE: https://github.com/gpac/gpac/issues/2163
CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f
NOTE: https://github.com/gpac/gpac/issues/2165
CVE-2022-29338
@@ -7323,6 +7329,7 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio
- phpipam <itp> (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
- gpac <unfixed>
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
CVE-2022-1221
@@ -8442,6 +8449,7 @@ CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repo
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/
NOTE: https://github.com/gpac/gpac/issues/2153
NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
@@ -11168,6 +11176,7 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- gpac <unfixed>
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
@@ -11732,18 +11741,22 @@ CVE-2022-27149
REJECTED
CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2067
NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2109
NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0)
CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2120
NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0)
NOTE: https://github.com/gpac/gpac/issues/2108
CVE-2022-27144
@@ -12156,6 +12169,7 @@ CVE-2022-26968
RESERVED
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
- gpac <unfixed> (bug #1007224)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2138
NOTE: https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0
CVE-2022-26966 (An issue was discovered in the Linux kernel before 5.16.12. drivers/ne ...)
@@ -18938,24 +18952,29 @@ CVE-2022-24579
RESERVED
CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0)
CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/
NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0)
CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box. ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2061
NOTE: https://huntr.dev/bounties/011ac07c-6139-4f43-b745-424143e60ac7/
NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0)
CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2058
NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/
NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0)
CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/
NOTE: https://github.com/gpac/gpac/issues/2055
NOTE: https://github.com/gpac/gpac/commit/9f8510835b97a729baf3646a3171bf51b4a8592e (v2.0.0)
@@ -20047,6 +20066,7 @@ CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 vi
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2081
NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9 (v2.0.0)
CVE-2022-24248 (RiteCMS version 3.1.0 and below suffers from an arbitrary file deletio ...)
@@ -23520,6 +23540,7 @@ CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a seg
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2039
NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0)
CVE-2021-46312
@@ -23528,6 +23549,7 @@ CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2038
NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0)
CVE-2021-46310
@@ -25111,30 +25133,35 @@ CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2028
NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d (v2.0.0)
CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2026
NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4 (v2.0.0)
CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2027
NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf (v2.0.0)
CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2033
NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00 (v2.0.0)
CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2024
NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d (v2.0.0)
CVE-2021-46235
@@ -25143,6 +25170,7 @@ CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 v
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2023
NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
@@ -27215,6 +27243,7 @@ CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2011
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
@@ -27225,6 +27254,7 @@ CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2013
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
@@ -27235,60 +27265,70 @@ CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2008
NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2005
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2007
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2006
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2001
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
@@ -28174,6 +28214,7 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.
NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1990
NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 (v2.0.0)
CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
@@ -28308,6 +28349,7 @@ CVE-2021-45768
RESERVED
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1982
NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0)
CVE-2021-45766
@@ -28316,20 +28358,24 @@ CVE-2021-45765
RESERVED
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1978
NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0)
CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
NOT-FOR-US: ROPium
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1966
NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0)
CVE-2021-45759
@@ -29941,6 +29987,7 @@ CVE-2021-45298
RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1973
NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0)
CVE-2021-45296
@@ -29957,10 +30004,12 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to
NOTE: Crash in CLI tool, no security impact
CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1958
NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0)
CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1955
NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc (v2.0.0)
CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...)
@@ -29971,10 +30020,12 @@ CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to a
NOTE: Crash in CLI tool, no security impact
CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1972
NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d (v2.0.0)
CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1956
NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 (v2.0.0)
CVE-2021-45287
@@ -30019,10 +30070,12 @@ CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability
NOT-FOR-US: Backdrop CMS
CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1965
NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0)
CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1985
NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e (v2.0.0)
CVE-2021-45265
@@ -30031,10 +30084,12 @@ CVE-2021-45264
RESERVED
CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1975
NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0)
CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1980
NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a (v2.0.0)
CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
@@ -30045,6 +30100,7 @@ CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1979
NOTE: https://github.com/gpac/gpac/issues/1977
NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04 (v2.0.0)
@@ -30053,12 +30109,14 @@ CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1986
NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29 (v2.0.0)
CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1970
NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad (v2.0.0)
CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
@@ -31422,44 +31480,54 @@ CVE-2021-44928
RESERVED
CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1960
NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 (v2.0.0)
CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1961
NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e (v2.0.0)
CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1967
NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 (v2.0.0)
CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1959
NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 (v2.0.0)
CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1962
NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0)
CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1969
NOTE: https://github.com/gpac/gpac/issues/1968
NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0)
CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1964
NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 (v2.0.0)
CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1957
NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 (v2.0.0)
CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1963
NOTE: https://github.com/gpac/gpac/issues/1962
NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0)
CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1968
NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0)
CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
@@ -46638,62 +46706,77 @@ CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sour
NOT-FOR-US: Sourcecodester
CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1904
NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0)
CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1905
NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0)
CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1897
NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb (v2.0.0)
CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1891
NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1893
NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0)
CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1895
NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0)
CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1899
NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0)
CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1890
NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1900
NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0)
CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1889
NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0)
CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1887
NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0)
CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1902
NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0)
CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1898
NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0)
CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1892
NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0)
CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1901
NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3 (v2.0.0)
CVE-2021-40561
@@ -46702,6 +46785,7 @@ CVE-2021-40560
RESERVED
CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1886
NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 (v2.0.0)
CVE-2021-40558
@@ -57046,6 +57130,7 @@ CVE-2021-36418
RESERVED
CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1846
NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 (v2.0.0)
CVE-2021-36416
@@ -57054,12 +57139,14 @@ CVE-2021-36415
RESERVED
CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1840
NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 (v2.0.0)
CVE-2021-36413
RESERVED
CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
- gpac 2.0.0+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1838
NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0)
CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
@@ -67252,6 +67339,7 @@ CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-ov
NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0)
CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1)
NOTE: https://github.com/gpac/gpac/issues/1575
CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
@@ -67268,6 +67356,7 @@ CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer
NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1)
CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1587
NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1)
CVE-2021-32267
@@ -116778,6 +116867,7 @@ CVE-2020-25428
RESERVED
CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1406
NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701 (v0.8.1)
CVE-2020-25426
@@ -118171,6 +118261,7 @@ CVE-2020-24830
RESERVED
CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1422
NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2
- ccextractor 0.93+ds2-1 (bug #994746)
@@ -121665,6 +121756,7 @@ CVE-2020-23270
RESERVED
CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1482
NOTE: fixed by fixes for related bugs, no specific commit identified upstream
NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
@@ -121673,12 +121765,14 @@ CVE-2020-23268
RESERVED
CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1479
NOTE: fixed by fixes for related bugs, no specific commit identified upstream
NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
NOTE: https://github.com/gpac/gpac/commit/b286aa0cdc0cb781e96430c8777d38f066a2c9f9 (v0.9.0, v0.8.1)
CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...)
- gpac 1.0.1+dfsg1-2
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/47d8bc5b3ddeed6d775197ebefae7c94a45d9bf2 (v0.9.0, v0.8.1)
NOTE: https://github.com/gpac/gpac/issues/1481
CVE-2020-23265
@@ -122880,6 +122974,7 @@ CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0
CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...)
- gpac 1.0.1+dfsg1-2
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1339
NOTE: https://github.com/gpac/gpac/commit/7644478ecfa25fd9505ee11ef12deb475cd97025
NOTE: https://github.com/gpac/gpac/commit/524e2bbdb294d5aa4c84bf83db4d328a588b55f7
@@ -122887,6 +122982,7 @@ CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_
CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...)
- gpac 1.0.1+dfsg1-2
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1341
NOTE: https://github.com/gpac/gpac/commit/a0e6aa849002863a63e6f9e9daecca47042954c4
CVE-2020-22676
@@ -122894,6 +122990,7 @@ CVE-2020-22676
CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...)
- gpac 1.0.1+dfsg1-2
[buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1344
NOTE: https://github.com/gpac/gpac/commit/5aa8c4bbd970a3a77517b00528a596063efca1a9
CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41628ef6fc14521bf9a01cb266ad50eedf8d62fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41628ef6fc14521bf9a01cb266ad50eedf8d62fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220520/573f035c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list