[Git][security-tracker-team/security-tracker][master] Track several fixes for gpac issues fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 7 12:40:55 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
563e10ad by Salvatore Bonaccorso at 2023-03-07T13:40:20+01:00
Track several fixes for gpac issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47004,7 +47004,7 @@ CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discov
 CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
 	NOT-FOR-US: FPT router
 CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
-	- gpac <unfixed> (bug #1019595)
+	- gpac 2.0.0+dfsg1-4 (bug #1019595)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2216
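Review bot: every entry touched by this commit moves to the same fixed version, 2.0.0+dfsg1-4, which is a Debian revision of the 2.0.0 upstream release rather than a new upstream version, so each of these fixes is a backported patch; before bug #1019595 is treated as closed for CVE-2022-38530 it is worth confirming that the 2.0.0+dfsg1-4 changelog names this CVE, because the visible context for this entry records only the upstream issue (https://github.com/gpac/gpac/issues/2216) and no fixing commit. If the commit is not already listed below the cut, add a NOTE with it in the same form as the fef6242c69be4f7ba22b32578e4b62648a3d4ed3 line used for CVE-2022-36191.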
@@ -51660,7 +51660,7 @@ CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of
 CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
-	- gpac <unfixed> (bug #1016142)
+	- gpac 2.0.0+dfsg1-4 (bug #1016142)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	NOTE: https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
@@ -53461,13 +53461,13 @@ CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote atta
 CVE-2022-36192
 	RESERVED
 CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
-	- gpac <unfixed> (bug #1019595)
+	- gpac 2.0.0+dfsg1-4 (bug #1019595)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2218
 	NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
-	- gpac <unfixed> (bug #1019595)
+	- gpac 2.0.0+dfsg1-4 (bug #1019595)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2220
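Review bot: CVE-2022-36190 shows only the issue URL in the visible context, while CVE-2022-36191 directly above it records its fixing commit (fef6242c69be4f7ba22b32578e4b62648a3d4ed3); if a commit NOTE for CVE-2022-36190 is not already present below the cut, add one so that the bullseye no-dsa decision and the patch carried in 2.0.0+dfsg1-4 can be checked against upstream.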
@@ -53480,7 +53480,7 @@ CVE-2022-36188
 CVE-2022-36187
 	RESERVED
 CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...)
-	- gpac <unfixed> (bug #1019595)
+	- gpac 2.0.0+dfsg1-4 (bug #1019595)
 	[bullseye] - gpac <not-affected> (Vulnerable code not present)
 	[buster] - gpac <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/gpac/gpac/issues/2223
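Review bot: marking 2.0.0+dfsg1-4 as fixed for CVE-2022-36186 implies the 2.0.0-based unstable package was affected, while bullseye and buster are both <not-affected> (Vulnerable code not present); that is consistent only if the vulnerable code was introduced between the bullseye version and 2.0.0, so a NOTE naming the introducing upstream commit (or the function that is absent in the older versions) would preserve the reasoning behind the not-affected markers.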
@@ -53633,13 +53633,13 @@ CVE-2022-36128
 CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The  ...)
 	NOT-FOR-US: Apache SkyWalking
 CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
-	- gpac <unfixed> (bug #1015788)
+	- gpac 2.0.0+dfsg1-4 (bug #1015788)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
 	NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
 CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. ...)
-	- gpac <unfixed> (bug #1015788)
+	- gpac 2.0.0+dfsg1-4 (bug #1015788)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
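Review bot: buster is marked <no-dsa> (Minor issue) for CVE-2022-2454 and CVE-2022-2453 here, but <end-of-life> (EOL in buster LTS) for CVE-2022-38530, CVE-2022-36191 and CVE-2022-36190 in the hunks above; if gpac is indeed no longer supported in buster LTS, these two buster lines should carry the same end-of-life marker so that buster is not reported as holding an open minor issue for the same package.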
@@ -67860,7 +67860,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ..
 	NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -67921,7 +67921,7 @@ CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisat
 CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
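Review bot: CVE-2022-30976 and CVE-2022-1795 in the previous hunk share bug #1016443 and the same "Minor issue" rationale, yet bullseye is <ignored> here and <no-dsa> there; the two states mean different things for a later point-release update, so if the split is deliberate a short NOTE saying why this one is ignored would help, otherwise align the two. The description also names GPAC 2.0.0 itself as affected, so the 2.0.0+dfsg1-4 fix is a Debian patch and the upstream commit it backports should be recorded if it is not already below the cut.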
@@ -72164,7 +72164,7 @@ CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escala
 CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
 	NOT-FOR-US: Dingtian
 CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -72358,7 +72358,7 @@ CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command
 CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
 	NOT-FOR-US: RESI Gemini-Net
 CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -72900,14 +72900,14 @@ CVE-2022-29342
 CVE-2022-29341
 	RESERVED
 CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
 	NOTE: https://github.com/gpac/gpac/issues/2163
 CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -75061,7 +75061,7 @@ CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior
 CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to  ...)
 	- phpipam <itp> (bug #731713)
 CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -76185,7 +76185,7 @@ CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE vers
 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...)
 	NOT-FOR-US: Grav CMS
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <ignored> (Minor issue)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -78987,7 +78987,7 @@ CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that imag
 CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
 	NOT-FOR-US: microweber
 CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
-	- gpac <unfixed> (bug #1016443)
+	- gpac 2.0.0+dfsg1-4 (bug #1016443)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -79985,7 +79985,7 @@ CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN an
 CVE-2022-26968
 	RESERVED
 CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
-	- gpac <unfixed> (bug #1007224)
+	- gpac 2.0.0+dfsg1-4 (bug #1007224)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
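Review bot: CVE-2022-26967 is a heap-based buffer overflow in gf_base64_encode rather than one of the NULL-dereference or crash-only issues in this set, and bullseye and buster are both <no-dsa> (Minor issue) with no visible NOTE giving the reasoning; a one-line justification, in the style of the "Crash in CLI tool, no security impact" NOTE on CVE-2022-1796 above, would make the no-dsa decision checkable, and the fixing commit should be listed if it is not already below the cut.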



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/563e10ad1c9ac537548a355021279b28160e9e70


