[Git][security-tracker-team/security-tracker][master] Track unfixed gpac issues as fallout from #1033116
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 13 20:03:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d0eae82 by Salvatore Bonaccorso at 2023-09-13T21:02:45+02:00
Track unfixed gpac issues as fallout from #1033116
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33535,7 +33535,7 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
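Review bot: the `+` line for CVE-2023-0770 introduces bug #1051866 alongside #1033116, but the commit subject names only #1033116, so the log does not say which bug the entries are now tracked under. Suggest naming #1051866 in the commit message so the new reference can be found from `git log` without opening the diff.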
@@ -33625,7 +33625,7 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plug
NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
{DSA-5452-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
@@ -39095,7 +39095,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not valid
CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.)
NOT-FOR-US: Zephyr
CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
@@ -40845,17 +40845,17 @@ CVE-2023-23146
RESERVED
CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
CVE-2023-23142
@@ -51405,7 +51405,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2333
NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
@@ -54348,7 +54348,7 @@ CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2315
NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -54473,7 +54473,7 @@ CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2295
NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
@@ -54642,7 +54642,7 @@ CVE-2022-45203
RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
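Review bot: for CVE-2022-45202 the two NOTE lines under the changed `- gpac <unfixed>` line point at issue 2296 and at a comment on that issue, with no upstream commit URL in the lines shown, unlike most of the other gpac entries touched by this patch. Since the entry stays `<unfixed>` and now carries a second bug reference, a NOTE with the fixing commit would help whoever resolves it; add one if the linked comment identifies the commit.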
@@ -63400,25 +63400,25 @@ CVE-2022-43047
CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...)
NOT-FOR-US: Food Ordering Management System
CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2277
NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2282
NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2276
NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2278
@@ -63426,13 +63426,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain
CVE-2022-43041
RESERVED
CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2280
NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e
CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2281
@@ -69862,7 +69862,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116)
+ - gpac <unfixed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
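Review bot: the same substitution, `(bug #1033116)` to `(bug #1033116; bug #1051866)`, is repeated on every gpac `<unfixed>` line in this patch, ending with CVE-2022-3222 here, and nothing in the diff shows that the set is complete. Suggest searching data/CVE/list for gpac lines that still carry only `(bug #1033116)` before treating #1051866 as covering all remaining unfixed issues.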
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d0eae8247b27e9f466e14db003061a5571a9d4a