[Git][security-tracker-team/security-tracker][master] Track several fixes for gpac issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 7 12:40:55 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
563e10ad by Salvatore Bonaccorso at 2023-03-07T13:40:20+01:00
Track several fixes for gpac issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47004,7 +47004,7 @@ CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discov
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
- - gpac <unfixed> (bug #1019595)
+ - gpac 2.0.0+dfsg1-4 (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2216
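Review bot: the CVE-2022-38530 entry carries only the upstream issue link (issues/2216), while its description names a 2.1-DEV snapshot and the new fixed version is 2.0.0+dfsg1-4, so the fix has to be a backport. Suggest adding a NOTE with the upstream fixing commit, as the CVE-2022-36191 entry does, so the fixed version can be checked against the patches shipped in that upload.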
@@ -51660,7 +51660,7 @@ CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of
CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
- - gpac <unfixed> (bug #1016142)
+ - gpac 2.0.0+dfsg1-4 (bug #1016142)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
NOTE: https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
@@ -53461,13 +53461,13 @@ CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote atta
CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
- - gpac <unfixed> (bug #1019595)
+ - gpac 2.0.0+dfsg1-4 (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2218
NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
- - gpac <unfixed> (bug #1019595)
+ - gpac 2.0.0+dfsg1-4 (bug #1019595)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2220
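Review bot: CVE-2022-36190 is marked fixed in 2.0.0+dfsg1-4 with only the issue reference (issues/2220), whereas CVE-2022-36191 just above it, under the same bug #1019595, also records the fix commit. Add the matching commit NOTE for CVE-2022-36190 so both entries can be verified the same way.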
@@ -53480,7 +53480,7 @@ CVE-2022-36188
CVE-2022-36187
RESERVED
CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...)
- - gpac <unfixed> (bug #1019595)
+ - gpac 2.0.0+dfsg1-4 (bug #1019595)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2223
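Review bot: for CVE-2022-36186 the unstable line now gives a fixed version, but bullseye and buster stay at <not-affected> with "Vulnerable code not present" and nothing in the entry says when that code was introduced. A NOTE naming the introducing commit or version would make the not-affected status and the 2.0.0+dfsg1-4 fix auditable together.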
@@ -53633,13 +53633,13 @@ CVE-2022-36128
CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...)
NOT-FOR-US: Apache SkyWalking
CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
- - gpac <unfixed> (bug #1015788)
+ - gpac 2.0.0+dfsg1-4 (bug #1015788)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. ...)
- - gpac <unfixed> (bug #1015788)
+ - gpac 2.0.0+dfsg1-4 (bug #1015788)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
@@ -67860,7 +67860,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ..
NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -67921,7 +67921,7 @@ CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisat
CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -72164,7 +72164,7 @@ CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escala
CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
NOT-FOR-US: Dingtian
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -72358,7 +72358,7 @@ CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command
CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
NOT-FOR-US: RESI Gemini-Net
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -72900,14 +72900,14 @@ CVE-2022-29342
CVE-2022-29341
RESERVED
CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
NOTE: https://github.com/gpac/gpac/issues/2163
CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -75061,7 +75061,7 @@ CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior
CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prior to ...)
- phpipam <itp> (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -76185,7 +76185,7 @@ CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE vers
CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...)
NOT-FOR-US: Grav CMS
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -78987,7 +78987,7 @@ CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that imag
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- - gpac <unfixed> (bug #1016443)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -79985,7 +79985,7 @@ CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN an
CVE-2022-26968
RESERVED
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
- - gpac <unfixed> (bug #1007224)
+ - gpac 2.0.0+dfsg1-4 (bug #1007224)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/563e10ad1c9ac537548a355021279b28160e9e70