[Git][security-tracker-team/security-tracker][master] Add Debian bug references for gpac issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 12 04:51:31 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c83cbad4 by Salvatore Bonaccorso at 2023-09-11T23:33:41+02:00
Add Debian bug references for gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -548,7 +548,7 @@ CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
 	NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873)
 CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
@@ -685,25 +685,25 @@ CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated]
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-437.html
 CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
 	NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6
 CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
 	NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05
 CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
 	NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3
 CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
 	NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
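Review bot: CVE-2023-4754, the last entry in this hunk, has no [bullseye] line, while CVE-2023-4758, CVE-2023-4756 and CVE-2023-4755 directly above it are each marked `[bullseye] - gpac <no-dsa> (Minor issue)`. With the unstable line at `<unfixed>`, bullseye has no triage annotation of its own for an out-of-bounds write. If the decision is still pending that is fine, otherwise add the bullseye line alongside the bug reference.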
@@ -1092,17 +1092,17 @@ CVE-2023-39979 (There is a vulnerability in MXsecurity versions prior to 1.0.1 t
 CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress
 CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
 	NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830
 CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
 	NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc
 CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
 	NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad
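Review bot: CVE-2023-4722, CVE-2023-4721 and CVE-2023-4720 all point at bug #1051740, the same number used in every other hunk of this commit, although each entry has a different upstream fix commit in its NOTE lines. Confirm that the bug report lists every CVE id it is meant to cover, so the upload that closes it can be matched back to each entry and none is left `<unfixed>` by accident.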
@@ -1275,24 +1275,24 @@ CVE-2023-41749 (Sensitive information disclosure due to excessive collection of
 CVE-2023-39912 (Zoho ManageEngine ADManager Plus through 7202 allows admin users to do ...)
 	NOT-FOR-US: Zoho
 CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
 	NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922
 CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
 	NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c
 CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
 	NOTE: https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e
 CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
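Review bot: the bullseye context lines for CVE-2023-4683, CVE-2023-4681 and CVE-2023-4678 read `<ignored> (Minor issue)`, whereas the gpac entries in the hunk at -685 use `<no-dsa> (Minor issue)` with the identical justification. The two states differ in meaning, so either align them or give the `<ignored>` entries a reason that explains why no fix is expected. CVE-2023-4682 in the same hunk has no bullseye line at all.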
@@ -2064,7 +2064,7 @@ CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain
 CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...)
 	NOT-FOR-US: Zenario CMS
 CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2537
 	NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6
@@ -11218,7 +11218,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
 	{DSA-5452-1}
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
 	NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
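Review bot: CVE-2023-3291 carries `{DSA-5452-1}`, yet the unstable line changed here stays `<unfixed>`, so the entry records a security update for stable while unstable has none. The bug reference is the right way to track that gap. Check that bug #1051740 names this CVE explicitly, since it dates from an earlier upstream release than the 2.3-DEV entries that share the bug number.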
@@ -13037,14 +13037,14 @@ CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0 a
 CVE-2023-3014 (A vulnerability, which was classified as problematic, was found in Bei ...)
 	NOT-FOR-US: BeipyVideoResolution
 CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.)
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
 	NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594
 CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
 	{DSA-5452-1}
-	- gpac <unfixed>
+	- gpac <unfixed> (bug #1051740)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
 	NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c83cbad4b035595fbfc72197a34b0deaaaef29fe
