[Git][security-tracker-team/security-tracker][master] gpac triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 19 22:58:28 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e715dae by Moritz Muehlenhoff at 2023-06-19T23:58:05+02:00
gpac triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2030,7 +2030,6 @@ CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.
NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594
CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
- gpac <unfixed>
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7
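Review bot: The removal of `[bullseye] - gpac <no-dsa> (Minor issue)` under CVE-2023-3012 leaves bullseye covered only by the generic `- gpac <unfixed>` line, and the commit message "gpac triage" does not record why the issue is no longer treated as minor. If the reason is the update that this same commit queues in data/dsa-needed.txt, say so in the commit message so the reversal can be traced from the history.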
@@ -11592,7 +11591,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in
NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
- gpac <unfixed> (bug #1034187)
- [bullseye] - gpac <no-dsa> (Minor issue)
+ [bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
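Review bot: The new `[bullseye] - gpac <not-affected> (Vulnerable code not present)` line for CVE-2023-1655 has no accompanying NOTE saying where the vulnerable code was introduced, so the determination cannot be re-checked from the entry alone. Suggest adding a NOTE naming the introducing upstream commit or first affected version next to the existing fix-commit NOTE.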
@@ -20991,7 +20990,7 @@ CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
- gpac <unfixed> (bug #1034890)
- [bullseye] - gpac <no-dsa> (Minor issue)
+ [bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
NOT-FOR-US: PHPCrazy
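Review bot: The CVE-2023-0841 change from `<no-dsa>` to `<ignored>` keeps the reason text `(Minor issue)` unchanged, which does not explain why the issue moves from "no DSA" to "will not be fixed" in bullseye. The entry also carries no NOTE lines with an upstream report or fix reference, so a more specific reason in the parentheses (or a NOTE) would help anyone revisiting this decision.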
@@ -21733,7 +21732,6 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plug
NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
=====================================
data/dsa-needed.txt
=====================================
@@ -16,6 +16,8 @@ asterisk/oldstable
--
cinder/oldstable
--
+gpac/oldstable (jmm)
+--
hsqldb1.8.0
Maintainer has prepared updates, reviewed and upload ready
--
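Review bot: The added `gpac/oldstable (jmm)` entry has no status line beneath it, unlike the neighbouring `hsqldb1.8.0` entry, so it does not show which of the gpac CVEs touched in data/CVE/list the update is meant to cover. Suggest a one-line note under the entry listing the scope, which also makes it clear that the `<ignored>` and `<not-affected>` issues are deliberately left out.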
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e715daeab47abb9aee8be306a12e6b58ea30bb1