[Git][security-tracker-team/security-tracker][master] new gpac issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 13 13:12:11 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4511c45 by Moritz Muehlenhoff at 2023-10-13T14:11:48+02:00
new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -178,7 +178,9 @@ CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabilit
 CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy'  ...)
 	NOT-FOR-US: Juniper
 CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2567
+	NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
 CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
 	NOT-FOR-US: Thecosy IceCMS
 CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...)
@@ -201,7 +203,9 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
 CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...)
 	NOT-FOR-US: KernelSU
 CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
+	NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
 CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
 	NOT-FOR-US: Zebra Technologies ZTC
 CVE-2023-4936 (It is possible to sideload a compromised DLL during the installation a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4511c45a64d16e16d37edd38c1f2f5778add5c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4511c45a64d16e16d37edd38c1f2f5778add5c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231013/ed00fdea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list