[Git][security-tracker-team/security-tracker][master] 2 commits: Mark 3 gpac CVEs as EOL for buster
Anton Gladky (@gladk)
gladk at debian.org
Tue Mar 21 05:37:23 GMT 2023
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1df97c1 by Anton Gladky at 2023-03-21T06:35:41+01:00
Mark 3 gpac CVEs as EOL for buster
- - - - -
e8a8f822 by Anton Gladky at 2023-03-21T06:36:40+01:00
LTS: add curl to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -502,6 +502,7 @@ CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It ha
NOT-FOR-US: Watchdog Anti-Virus
CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
- gpac <unfixed>
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2386
NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified as pr ...)
@@ -510,10 +511,12 @@ CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as proble
NOT-FOR-US: MP4v2
CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
- gpac <unfixed>
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2387
NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
- gpac <unfixed>
+ [buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2388
NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463
CVE-2023-1447 (A vulnerability, which was classified as problematic, has been found i ...)
=====================================
data/dla-needed.txt
=====================================
@@ -38,6 +38,12 @@ consul (Abhijith PA)
NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail.
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/consul.git
--
+curl
+ NOTE: 20230321: Programming language: C.
+ NOTE: 20230321: VCS: https://salsa.debian.org/lts-team/packages/curl.git
+ NOTE: 20230321: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/curl.html
+ NOTE: 20230321: Special attention: High popcon! Roberto has some experience with the package..
+--
docker.io (gladk)
NOTE: 20230303: Programming language: Go.
NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5a4f2c3e631fe6577ae35f57f400d907c83f9ee...e8a8f822978be6c1491f202a03e7122b827bb87e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5a4f2c3e631fe6577ae35f57f400d907c83f9ee...e8a8f822978be6c1491f202a03e7122b827bb87e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230321/a44f82a4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list