[Git][security-tracker-team/security-tracker][master] 2 commits: Added trafficserver to dla-needed with a note about low prio due to few users.
Ola Lundqvist (@opal)
opal at debian.org
Mon Jun 19 06:17:43 BST 2023
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abd42ec2 by Ola Lundqvist at 2023-06-19T07:17:24+02:00
Added trafficserver to dla-needed with a note about low prio due to few users.
- - - - -
c6fd8a48 by Ola Lundqvist at 2023-06-19T07:17:24+02:00
Marked a number of no-dsa entries for gpac in buster as end-of-life instead.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -69862,7 +69862,7 @@ CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1
CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1015788)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.)
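Review bot: The reason on the new [buster] line, "No longer supported in LTS; Minor issue", carries over the old no-dsa justification even though the state is now <end-of-life>. Once the package is end-of-life in buster, the severity triage no longer decides anything, so consider shortening it to "(No longer supported in LTS)", as the existing [stretch] lines elsewhere in this diff read. The same wording recurs on every added line in data/CVE/list; if "Minor issue" is kept on purpose as a record of the earlier triage, say so in the commit message.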
@@ -88632,7 +88632,7 @@ CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control i
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2173
NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
@@ -96271,7 +96271,7 @@ CVE-2022-26968
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-4 (bug #1007224)
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2138
NOTE: https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0
@@ -111818,7 +111818,7 @@ CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to
CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2011
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
@@ -111829,7 +111829,7 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the pr
CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2013
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
@@ -111840,70 +111840,70 @@ CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to
CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2008
NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2005
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2007
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2006
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2001
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
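Review bot: The commit message says only "a number of no-dsa entries", and this hunk alone rewrites ten consecutive gpac entries (CVE-2021-46038 through CVE-2021-46047), so the change does not show how the set was chosen or whether it is complete. Every entry touched here carries {DSA-5411-1}; if that is the selection criterion, state it in the commit message so a later reader can check that no gpac <no-dsa> line for buster was left behind.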
@@ -112967,7 +112967,7 @@ CVE-2021-45768
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1982
NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0)
@@ -112978,21 +112978,21 @@ CVE-2021-45765
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1978
NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0)
@@ -113001,7 +113001,7 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1966
NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0)
@@ -114640,7 +114640,7 @@ CVE-2021-45298
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
{DSA-5411-1}
- gpac 2.0.0+dfsg1-2
- [buster] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1973
NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0)
=====================================
data/dla-needed.txt
=====================================
@@ -221,6 +221,10 @@ samba (Lee Garrett)
syncthing
NOTE: 20230616: Added by Front-Desk (opal)
--
+trafficserver
+ NOTE: 20230618: Added by Front-Desk (opal)
+ NOTE: 20230618: Low prio due to the few number of users.
+--
webkit2gtk (Emilio)
NOTE: 20230512: Re-added (pochu)
NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll have to EOL webkit (pochu)
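Review bot: The second NOTE on the new trafficserver entry has no author tag, while the neighbouring notes in this hunk end with one ("(opal)", "(pochu)"); add "(opal)" so the priority call can be traced to its author. The phrase "the few number of users" would read better as "the small number of users", and naming the open CVEs that prompted the entry would help whoever claims the package.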
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d0ae311f69c76f1ed243b5eaf0215490af46108c...c6fd8a485560b9827c2fb484f736d3e1dde9fcf6