[Git][security-tracker-team/security-tracker][master] Track fixes which entered unstable from the experimental upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 13 13:05:30 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3764bf7d by Salvatore Bonaccorso at 2023-09-13T14:03:45+02:00
Track fixes which entered unstable from the experimental upload
Note that some of the CVEs in #1033116 are still not fixed and neither
bugs #1036701 and #1034890 status (which were previously reopened but
without any feedback yet, and now re-closed with the unstable upload,
but no changes related to those).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23302,7 +23302,7 @@ CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in
NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1034187)
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
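Review bot: On the "+ - gpac 2.2.1+dfsg1-2 (bug #1034187)" line for CVE-2023-1655, nothing shown in this hunk ties a 2.2.1-based upload to the fix: the description says "prior to 2.4" and the only visible NOTE is the huntr report. If the lines following it do not already name the upstream fixing commit, add a NOTE with the commit and the release that contains it, so the fixed version can be checked from the entry itself.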
@@ -23311,7 +23311,7 @@ CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1034187)
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
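Review bot: The commit NOTE for CVE-2023-1654 (2c055153...) carries no release tag, while the description says "prior to 2.4.0" and the entry is now marked fixed in 2.2.1+dfsg1-2. Other entries in this patch tag their commits with "(v2.2.0)" or "(v2.2.1)"; appending the containing release here, or a NOTE saying how the fix reached the 2.2.1 package, would make the fixed version checkable. The same applies to the untagged commit NOTEs for CVE-2023-1452, CVE-2023-1449 and CVE-2023-1448 in the next three hunks, whose descriptions name a 2.3-DEV build.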
@@ -24764,7 +24764,7 @@ CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It ha
CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1034187)
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2386
NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
@@ -24776,7 +24776,7 @@ CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as proble
CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1034187)
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2387
NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
@@ -24784,7 +24784,7 @@ CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-m
CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1034187)
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2388
NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463
@@ -32435,7 +32435,7 @@ CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilitie
CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
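Review bot: This is the first of the "(bug #1033116)" entries switched to 2.2.1+dfsg1-2, and the commit message says some CVEs in #1033116 are still not fixed without naming them. Listing those CVE ids in the commit message would let a reader confirm that every #1033116 entry flipped in this patch is meant to be, and that the open ones were left at <unfixed> on purpose.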
@@ -32883,7 +32883,7 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does n
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
@@ -32891,14 +32891,14 @@ CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
NOTE: https://github.com/gpac/gpac/commit/cbbc4d343149c07896c4a3bed28849c576510b6c (v2.2.1)
CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
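Review bot: For CVE-2023-0818 only the second commit NOTE (cbbc4d34...) is tagged "(v2.2.1)"; the first (377ab25f...) is untagged, so it is unclear whether both are needed for the fix and whether both are in 2.2.1+dfsg1-2. Tag the first commit as well, or state how the two relate. CVE-2023-0817 below it is described as "prior to v2.3.0-DEV" and shows only a huntr link in this hunk, so a fixing-commit NOTE is worth checking for there too.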
@@ -45728,41 +45728,41 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2360
NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2359
NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2358
NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2357
NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2354
NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)
CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2356
@@ -45770,13 +45770,13 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov
CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2355
NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)
CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2353
@@ -45788,14 +45788,14 @@ CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void
NOTE: https://github.com/strukturag/libde265/pull/376
CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2350
NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)
CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2349
@@ -48744,27 +48744,27 @@ CVE-2022-47096
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2346
NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2345
NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2344
NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)
CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2347
@@ -48772,7 +48772,7 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2343
NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
@@ -48780,21 +48780,21 @@ CVE-2022-47090
RESERVED
CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2338
NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)
CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2340
NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2339
@@ -48802,7 +48802,7 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
{DSA-5411-1}
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2337
NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)
@@ -50566,14 +50566,14 @@ CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Adm
NOT-FOR-US: nbnbk
CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2327
NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0)
CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...)
[experimental] - gpac 2.2.1+dfsg1-1
- - gpac <unfixed> (bug #1033116)
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2328
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3764bf7db3fdb3c3276748c76fef7f9bdd667205