[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-25085 as not-affected for epiphany-browser/buster
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sat Jan 14 00:00:42 GMT 2023
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f3e0fa4 by Thorsten Alteholz at 2023-01-14T00:55:05+01:00
mark CVE-2019-25085 as not-affected for epiphany-browser/buster
- - - - -
a5908a06 by Thorsten Alteholz at 2023-01-14T01:00:15+01:00
mark several CVEs of gpac as either not-affected or EOL in Buster
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4434,6 +4434,7 @@ CVE-2019-25085 (A vulnerability was found in GNOME gvdb. It has been classified
- glib2.0 2.66.0-1
[buster] - glib2.0 <not-affected> (Transient vulnerable code not present)
- epiphany-browser 3.34.1-1
+ [buster] - epiphany-browser <not-affected> (vulnerable code introduced later in version 3.33.4)
NOTE: Fix in gvdb: https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2019-06-27)
NOTE: Introduced by gvdb: https://github.com/GNOME/gvdb/commit/d12c5aaba8f2f6208c3493b42ab15a139c049d58 (2019-06-20)
NOTE: Fix in glib2.0: https://github.com/GNOME/glib/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2.65.0)
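Review bot: the reason on the new `[buster] - epiphany-browser <not-affected>` line cites version 3.33.4, but the NOTE lines only reference gvdb and glib commits, so nothing in the entry shows where epiphany-browser picked up the affected gvdb code or which version buster ships. Suggest adding a NOTE with the epiphany-browser commit that imported the gvdb change, and capitalising the reason to match the glib2.0 line above it.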
@@ -5406,41 +5407,49 @@ CVE-2022-47664
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2360
NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2359
NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2358
NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2357
NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2354
NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)
CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2356
NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)
CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2355
NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)
CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2353
NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)
CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
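Review bot: the parenthetical on the added `<end-of-life>` lines (CVE-2022-47663, 47662, 47661, 47660, 47659 and 47657) only restates the tag, so "EOL in buster LTS" tells a reader nothing the status does not. Suggest either dropping the free text or replacing it with a pointer to where the end of support for gpac in buster is recorded.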
@@ -5450,11 +5459,13 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void
CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2350
NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)
CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2349
NOTE: https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0)
CVE-2022-47652
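Review bot: on CVE-2022-47653 the new buster line reuses the bullseye reason "Vulnerable code not present" word for word, with nothing to show the check was made against the buster source rather than carried over. Suggest naming the introducing commit or version in the reason, as the epiphany-browser entry for CVE-2019-25085 does.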
@@ -8321,26 +8332,31 @@ CVE-2022-47096
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2346
NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2345
NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2344
NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)
CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2347
NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2343
NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
CVE-2022-47090
@@ -8348,21 +8364,25 @@ CVE-2022-47090
CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2338
NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)
CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2340
NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
- gpac <unfixed>
[bullseye] - gpac <not-affected> (Vulnerable code not present)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2339
NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2337
NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)
CVE-2022-47085
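Review bot: CVE-2022-47088 and CVE-2022-47087 reference the same upstream commit (48760768611f6766bf9e7378bb7cc66cebd6e49d), and the 47087 description names a `gf_vvc_` function, yet the buster reason for both is the generic "Vulnerable code not present". If the basis is that this code path does not exist in the buster version, suggest saying which code is absent so the two entries can be re-checked together.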
@@ -10048,10 +10068,12 @@ CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Adm
NOT-FOR-US: nbnbk
CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
- gpac <unfixed>
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2327
NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0)
CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
- gpac <unfixed>
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2328
NOTE: https://github.com/gpac/gpac/commit/44e8616ec6d0c37498cdacb81375b09249fa9daa (v2.2.0)
CVE-2022-46488
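Review bot: CVE-2022-46490 and CVE-2022-46489 now carry a buster status but still have no `[bullseye]` line, unlike the other gpac entries touched in this change, so bullseye stays untriaged for both. Suggest adding the bullseye status in the same commit or a follow-up.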
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1dc00e574823df3e173ba6767b3bda051e4c5973...a5908a06c1492259151813a6da9010d3d9519a51