[Git][security-tracker-team/security-tracker][master] gpac DSA
Aron Xu (@aron)
aron at debian.org
Fri May 26 14:57:18 BST 2023
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a375365 by Aron Xu at 2023-05-26T21:56:16+08:00
gpac DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -365,25 +365,21 @@ CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to con
NOT-FOR-US: cu/silicon
CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
- gpac <unfixed> (bug #1036701)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
- gpac <unfixed> (bug #1036701)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
- gpac <unfixed> (bug #1036701)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- gpac <unfixed> (bug #1036701)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
@@ -17830,7 +17826,6 @@ CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilitie
NOT-FOR-US: OpenNMS
CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
@@ -18274,13 +18269,11 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does n
NOT-FOR-US: WordPress plugin
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
@@ -18848,7 +18841,6 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
@@ -30899,31 +30891,26 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h
NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2360
NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2359
NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2358
NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2357
NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2354
NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)
@@ -30935,7 +30922,6 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov
NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)
CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2355
NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)
@@ -33866,13 +33852,11 @@ CVE-2022-47096
RESERVED
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2346
NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2345
NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
@@ -33890,7 +33874,6 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove
NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2343
NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
@@ -33916,7 +33899,6 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g
NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2337
NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)
@@ -36471,7 +36453,6 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2333
NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
@@ -39345,7 +39326,6 @@ CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2315
NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -39470,7 +39450,6 @@ CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2295
NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
@@ -39639,7 +39618,6 @@ CVE-2022-45203
RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
@@ -54713,7 +54691,6 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
- gpac <unfixed> (bug #1033116)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
@@ -60566,7 +60543,6 @@ CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
- gpac 2.0.0+dfsg1-4 (bug #1019595)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2216
NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
@@ -67029,13 +67005,11 @@ CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
- gpac 2.0.0+dfsg1-4 (bug #1019595)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2218
NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3
CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
- gpac 2.0.0+dfsg1-4 (bug #1019595)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2220
NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218
@@ -67203,7 +67177,6 @@ CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1
NOT-FOR-US: Apache SkyWalking
CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
- gpac 2.0.0+dfsg1-4 (bug #1015788)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
@@ -81458,7 +81431,6 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.)
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
@@ -85765,7 +85737,6 @@ CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmwar
NOT-FOR-US: Dingtian
CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2175
@@ -85959,7 +85930,6 @@ CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control i
NOT-FOR-US: RESI Gemini-Net
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2173
@@ -88662,7 +88632,6 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio
- phpipam <itp> (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
@@ -92595,7 +92564,6 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- gpac 2.0.0+dfsg1-4 (bug #1016443)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
@@ -93164,7 +93132,6 @@ CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to
NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2109
@@ -93178,7 +93145,6 @@ CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overf
NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0)
@@ -93594,7 +93560,6 @@ CVE-2022-26968
RESERVED
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
- gpac 2.0.0+dfsg1-4 (bug #1007224)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2138
@@ -100697,14 +100662,12 @@ CVE-2022-24579
RESERVED
CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0)
CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/
@@ -100727,7 +100690,6 @@ CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through
NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0)
CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/
@@ -109141,7 +109103,6 @@ CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to
NOTE: Crash in CLI tool, no security impact
CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2011
@@ -109152,7 +109113,6 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the pr
NOTE: Crash in CLI tool, no security impact
CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2013
@@ -109163,70 +109123,60 @@ CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to
NOTE: Crash in CLI tool, no security impact
CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2008
NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2005
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2007
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2006
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2001
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2002
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2004
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2003
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1999
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/2000
@@ -110148,7 +110098,6 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1990
@@ -110290,7 +110239,6 @@ CVE-2021-45768
RESERVED
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1982
@@ -110301,21 +110249,18 @@ CVE-2021-45765
RESERVED
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1971
NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1974
NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1978
@@ -110324,7 +110269,6 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address
NOT-FOR-US: ROPium
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1966
@@ -111963,7 +111907,6 @@ CVE-2021-45298
RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1973
@@ -111982,14 +111925,12 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to
NOTE: Crash in CLI tool, no security impact
CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1958
NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0)
CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1955
@@ -112056,7 +111997,6 @@ CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Back
- backdrop <itp> (bug #914257)
CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1965
@@ -112074,14 +112014,12 @@ CVE-2021-45264
RESERVED
CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1975
NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0)
CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1980
@@ -114949,7 +114887,6 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie
NOTE: https://www.openssl.org/news/secadv/20211214.txt
CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
- gpac 2.0.0+dfsg1-2
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
@@ -177663,7 +177600,6 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
NOTE: https://github.com/gpac/gpac/issues/1659
CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
- gpac 2.0.0+dfsg1-2 (bug #987374; bug #990691)
- [bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
- ccextractor 0.93+ds2-1 (bug #994746)
=====================================
data/DSA/list
=====================================
@@ -1,6 +1,9 @@
[26 May 2023] DSA-5413-1 sniproxy - security update
{CVE-2023-25076}
[bullseye] - sniproxy 0.6.0-2+deb11u1
+[26 May 2023] DSA-5411-1 gpac - security update
+ {CVE-2020-35980 CVE-2021-4043 CVE-2021-21852 CVE-2021-33361 CVE-2021-33363 CVE-2021-33364 CVE-2021-33365 CVE-2021-33366 CVE-2021-36412 CVE-2021-36414 CVE-2021-36417 CVE-2021-40559 CVE-2021-40562 CVE-2021-40563 CVE-2021-40564 CVE-2021-40565 CVE-2021-40566 CVE-2021-40567 CVE-2021-40568 CVE-2021-40569 CVE-2021-40570 CVE-2021-40571 CVE-2021-40572 CVE-2021-40574 CVE-2021-40575 CVE-2021-40576 CVE-2021-40592 CVE-2021-40606 CVE-2021-40608 CVE-2021-40609 CVE-2021-40944 CVE-2021-41456 CVE-2021-41457 CVE-2021-41459 CVE-2021-45262 CVE-2021-45263 CVE-2021-45267 CVE-2021-45291 CVE-2021-45292 CVE-2021-45297 CVE-2021-45760 CVE-2021-45762 CVE-2021-45763 CVE-2021-45764 CVE-2021-45767 CVE-2021-45831 CVE-2021-46038 CVE-2021-46039 CVE-2021-46040 CVE-2021-46041 CVE-2021-46042 CVE-2021-46043 CVE-2021-46044 CVE-2021-46045 CVE-2021-46046 CVE-2021-46047 CVE-2021-46049 CVE-2021-46051 CVE-2022-1035 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795 CVE-2022-2454 CVE-2022-3222 CVE-2022-3957 CVE-2022-4202 CVE-2022-24574 CVE-2022-24577 CVE-2022-24578 CVE-2022-26967 CVE-2022-27145 CVE-2022-27147 CVE-2022-29537 CVE-2022-36190 CVE-2022-36191 CVE-2022-38530 CVE-2022-43255 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-47086 CVE-2022-47091 CVE-2022-47094 CVE-2022-47095 CVE-2022-47657 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0770 CVE-2023-0818 CVE-2023-0819 CVE-2023-0866 CVE-2023-1448 CVE-2023-1449 CVE-2023-1452 CVE-2023-1654 CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145}
+ [bullseye] - gpac 1.0.1+dfsg1-4+deb11u2
[24 May 2023] DSA-5410-1 sofia-sip - security update
{CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741}
[bullseye] - sofia-sip 1.12.11+20110422.1-2.1+deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ cinder
--
docker-registry (jmm)
--
-gpac (aron)
---
jupyter-core
Maintainer asked for availability to prepare updates
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a375365a2ca1714a1538fbe7a9b79b001439063
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a375365a2ca1714a1538fbe7a9b79b001439063
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230526/3a85339d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list