[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3178 (and update CVE-2022-30976 notes)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 12 21:18:44 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d46c624 by Salvatore Bonaccorso at 2022-09-12T22:17:49+02:00
Add CVE-2022-3178 (and update CVE-2022-30976 notes)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -215,7 +215,10 @@ CVE-2022-3180
 CVE-2022-3179
 	RESERVED
 CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
-	TODO: check
+	- gpac <not-affected> (Fix for CVE-2022-30976 not applied)
+	NOTE: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
+	NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
+	NOTE: Introduced by the fix for CVE-2022-30976.
 CVE-2022-3177
 	RESERVED
 CVE-2022-3176
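Review bot: The added `- gpac <not-affected> (Fix for CVE-2022-30976 not applied)` line is only true while no Debian gpac upload carries the CVE-2022-30976 fix, and nothing in this entry says which commit that fix is. Consider naming it in the last note, for example "NOTE: Introduced by the fix for CVE-2022-30976 (915e2cba715f36b7cc29e28888117831ca143d78)", and marking the 77510778... URL as the fixing commit. Whoever later backports the CVE-2022-30976 fix can then see from this entry alone that the status has to change.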
@@ -25163,6 +25166,9 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2179
 	NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
+	NOTE: When fixing this issue make sure to as well apply (cf. CVE-2022-3178)
+	NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
+	NOTE: to not open that issue.
 CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
 	- mujs 1.2.0-3
 	[bullseye] - mujs <no-dsa> (Minor issue)
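Review bot: The three added NOTE lines under CVE-2022-30976 form one sentence split around a URL ("When fixing this issue make sure to as well apply (cf. CVE-2022-3178)" ... "to not open that issue."), so none of them makes sense when read or grepped alone, and "that issue" is ambiguous next to the existing issues/2179 note. Suggest a self-contained pair, such as "NOTE: The fix introduces CVE-2022-3178; when backporting, also apply:" followed by the commit URL line, and dropping the trailing fragment.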



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d46c624c48b2ba6b3d9e2a142da9396e476ada3
