[Git][security-tracker-team/security-tracker][master] gpac now removed from unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 27 21:43:34 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea19bb44 by Salvatore Bonaccorso at 2024-07-27T21:52:26+02:00
gpac now removed from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9366,12 +9366,12 @@ CVE-2024-6066 (A vulnerability classified as critical has been found in SourceCo
CVE-2024-6065 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
NOT-FOR-US: itsourcecode Bakery Online Ordering System
CVE-2024-6064 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...)
- - gpac <unfixed> (bug #1074414)
+ - gpac <removed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2874
NOTE: https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5
CVE-2024-6063 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...)
- - gpac <unfixed> (bug #1074414)
+ - gpac <removed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2873
NOTE: https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5
@@ -9420,12 +9420,12 @@ CVE-2023-37058 (Insecure Permissions vulnerability in JLINK Unionman Technology
CVE-2023-37057 (An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allow ...)
NOT-FOR-US: JLINK
CVE-2024-6062 (A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and ...)
- - gpac <unfixed> (bug #1074414)
+ - gpac <removed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2872
NOTE: https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd
CVE-2024-6061 (A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-maste ...)
- - gpac <unfixed> (bug #1074414)
+ - gpac <removed> (bug #1074414)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2871
NOTE: https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c
@@ -41538,12 +41538,12 @@ CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cr
CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...)
NOT-FOR-US: TOTOLINK
CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2763
NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e
CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2764
NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716
@@ -43100,12 +43100,12 @@ CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk
CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2641
NOTE: https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a
CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev58 ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2642
NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341
@@ -51563,16 +51563,16 @@ CVE-2024-24397 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft
CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...)
NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS
CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md
CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md
CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props ...)
- - gpac <unfixed> (bug #1068462)
+ - gpac <removed> (bug #1068462)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md
@@ -53420,7 +53420,7 @@ CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive aut
CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 3.118.12 and p ...)
NOT-FOR-US: Tuta
CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the function g ...)
- - gpac <unfixed> (bug #1065861)
+ - gpac <removed> (bug #1065861)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2713
NOTE: https://github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048
@@ -56627,7 +56627,7 @@ CVE-2023-50916 (Kyocera Device Manager before 3.1.1213.0 allows NTLM credential
CVE-2023-50172 (A recovery notification bypass vulnerability exists in the userRecover ...)
NOT-FOR-US: WWBN AVideo
CVE-2023-50120 (MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to ...)
- - gpac <unfixed> (bug #1060696)
+ - gpac <removed> (bug #1060696)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2698
@@ -57172,12 +57172,12 @@ CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in p
CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in pure Py ...)
- pyload <itp> (bug #1001980)
CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1060409)
+ - gpac <removed> (bug #1060409)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
NOTE: https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70
CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- - gpac <unfixed> (bug #1060409)
+ - gpac <removed> (bug #1060409)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
NOTE: https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
@@ -58086,7 +58086,7 @@ CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulner
CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...)
NOT-FOR-US: ureport
CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...)
- - gpac <unfixed> (bug #1060043)
+ - gpac <removed> (bug #1060043)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2662
@@ -62851,7 +62851,7 @@ CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers
CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...)
NOT-FOR-US: IBM
CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2652
NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
@@ -62859,7 +62859,7 @@ CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to c
CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 versi ...)
NOT-FOR-US: DrayTek Vigor167
CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2669
NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
@@ -63193,7 +63193,7 @@ CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command
CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
NOT-FOR-US: Tenda
CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_ ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2689
@@ -63209,7 +63209,7 @@ CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory Tr
CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management System v ...)
NOT-FOR-US: Best Courier Management System
CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a mem ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2658
@@ -66029,11 +66029,11 @@ CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow
CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
NOT-FOR-US: Tenda
CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2680
CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...)
- - gpac <unfixed> (bug #1059056)
+ - gpac <removed> (bug #1059056)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2679
CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...)
@@ -66693,17 +66693,17 @@ CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
NOT-FOR-US: XXL-Job
CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2613
NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2612
NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2611
NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
@@ -67020,7 +67020,7 @@ CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2672
@@ -68129,7 +68129,7 @@ CVE-2023-46676
CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
NOT-FOR-US: timetec AWDMS
CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2629
NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
@@ -68174,7 +68174,7 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix
NOTE: https://github.com/golang/go/commit/1b59b017db1ac4a63ed08173c00d7f08d47530be (go1.20.12)
NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- - gpac <unfixed> (bug #1056282)
+ - gpac <removed> (bug #1056282)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
@@ -69014,25 +69014,25 @@ CVE-2023-5358 (Improper access control in Report log filters feature in Devoluti
CVE-2023-4452 (A vulnerability has been identified in the EDR-810, EDR-G902, and EDR- ...)
NOT-FOR-US: Moxa
CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...)
- - gpac <unfixed> (bug #1055298)
+ - gpac <removed> (bug #1055298)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2664
NOTE: https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf
CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...)
- - gpac <unfixed> (bug #1055298)
+ - gpac <removed> (bug #1055298)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2666
NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8
CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...)
- - gpac <unfixed> (bug #1055298)
+ - gpac <removed> (bug #1055298)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2661
NOTE: https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1
CVE-2023-46927 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...)
- - gpac <unfixed> (bug #1055298)
+ - gpac <removed> (bug #1055298)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2657
NOTE: https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817
@@ -72004,7 +72004,7 @@ CVE-2012-10016 (A vulnerability classified as problematic has been found in Halu
CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- - gpac <unfixed> (bug #1055125)
+ - gpac <removed> (bug #1055125)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e
@@ -72311,7 +72311,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP hea
NOTE: This issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25)
CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...)
- - gpac <unfixed> (bug #1055124)
+ - gpac <removed> (bug #1055124)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2632
NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740
@@ -72700,7 +72700,7 @@ CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabilit
CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...)
NOT-FOR-US: Juniper
CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
- - gpac <unfixed> (bug #1053878)
+ - gpac <removed> (bug #1053878)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2567
@@ -72745,7 +72745,7 @@ CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...)
NOT-FOR-US: KernelSU
CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
- - gpac <unfixed> (bug #1053878)
+ - gpac <removed> (bug #1053878)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
@@ -74180,7 +74180,7 @@ CVE-2023-5399 (A CWE-22: Improper Limitation of a Pathname to a Restricted Direc
CVE-2023-5391 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...)
NOT-FOR-US: Schneider Electric
CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.)
- - gpac <unfixed> (bug #1055122)
+ - gpac <removed> (bug #1055122)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2606
NOTE: https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce
@@ -77884,7 +77884,7 @@ CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration ver
CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in ...)
NOT-FOR-US: Interact
CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function ...)
- - gpac <unfixed> (bug #1051955)
+ - gpac <removed> (bug #1051955)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2550
@@ -78435,7 +78435,7 @@ CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873)
CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
@@ -78650,25 +78650,25 @@ CVE-2023-34321 (Arm provides multiple helpers to clean & invalidate the cache fo
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-437.html
CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6
CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05
CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3
CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
@@ -79066,18 +79066,18 @@ CVE-2023-39979 (There is a vulnerability in MXsecurity versions prior to 1.0.1 t
CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress
CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830
CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc
CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad
@@ -79254,24 +79254,24 @@ CVE-2023-41749 (Sensitive information disclosure due to excessive collection of
CVE-2023-39912 (Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technici ...)
NOT-FOR-US: Zoho
CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922
CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c
CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
NOTE: https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e
CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
@@ -80111,7 +80111,7 @@ CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain
CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...)
NOT-FOR-US: Zenario CMS
CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2537
@@ -86228,19 +86228,19 @@ CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was foun
CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: ARMember plugin for WordPress
CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
- - gpac <unfixed> (bug #1041421)
+ - gpac <removed> (bug #1041421)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2514
NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345
CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
- - gpac <unfixed> (bug #1041421)
+ - gpac <removed> (bug #1041421)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2516
NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c
CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
- - gpac <unfixed> (bug #1041421)
+ - gpac <removed> (bug #1041421)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2515
@@ -86256,7 +86256,7 @@ CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerabil
CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
NOT-FOR-US: Schneider Electric
CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
- - gpac <unfixed> (bug #1041421)
+ - gpac <removed> (bug #1041421)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2505
@@ -87180,7 +87180,7 @@ CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem
CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...)
NOT-FOR-US: ThinuTech ThinuCMS
CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
- - gpac <unfixed> (bug #1041421)
+ - gpac <removed> (bug #1041421)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
@@ -89363,7 +89363,7 @@ CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided
- mattermost-server <itp> (bug #823556)
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
{DSA-5452-1}
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
@@ -91197,14 +91197,14 @@ CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0 a
CVE-2023-3014 (A vulnerability, which was classified as problematic, was found in Bei ...)
NOT-FOR-US: BeipyVideoResolution
CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.)
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594
CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
{DSA-5452-1}
- - gpac <unfixed> (bug #1051740)
+ - gpac <removed> (bug #1051740)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7
@@ -92163,25 +92163,25 @@ CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to con
NOT-FOR-US: cu/silicon
CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1036701)
+ - gpac <removed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
{DSA-5411-1}
- - gpac <unfixed> (bug #1036701)
+ - gpac <removed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
{DSA-5411-1}
- - gpac <unfixed> (bug #1036701)
+ - gpac <removed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1036701)
+ - gpac <removed> (bug #1036701)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
@@ -110686,7 +110686,7 @@ CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
- - gpac <unfixed> (bug #1034890)
+ - gpac <removed> (bug #1034890)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
@@ -111433,7 +111433,7 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
@@ -111523,7 +111523,7 @@ CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plug
NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
{DSA-5452-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
@@ -117035,7 +117035,7 @@ CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not valid
CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.)
NOT-FOR-US: Zephyr
CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
@@ -118790,17 +118790,17 @@ CVE-2023-23146
RESERVED
CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
CVE-2023-23142
@@ -129393,7 +129393,7 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2333
NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
@@ -132374,7 +132374,7 @@ CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2315
NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
@@ -132499,7 +132499,7 @@ CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2295
NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
@@ -132668,7 +132668,7 @@ CVE-2022-45203
RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2296
NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
@@ -132894,7 +132894,7 @@ CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar
NOT-FOR-US: BlueSpiceUserSidebar extension of BlueSpice
CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
NOTE: Negligible security impact
CVE-2022-3956 (A vulnerability classified as critical has been found in tsruban HHIMS ...)
@@ -140995,12 +140995,12 @@ CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection vu
NOT-FOR-US: SeaCms
CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
NOTE: https://github.com/gpac/gpac/issues/2285
NOTE: https://github.com/gpac/gpac/commit/d82e1340d7fd5ceea205e0f173500102f3237eb4
NOTE: Negligible security impact
CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...)
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
NOTE: https://github.com/gpac/gpac/issues/2284
NOTE: https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6
NOTE: Negligible security impact
@@ -141458,25 +141458,25 @@ CVE-2022-43047
CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...)
NOT-FOR-US: Food Ordering Management System
CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2277
NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb
CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2282
NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35
CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2276
NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd
CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2278
@@ -141484,13 +141484,13 @@ CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain
CVE-2022-43041
RESERVED
CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2280
NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e
CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...)
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[bullseye] - gpac <not-affected> (Vulnerable code not present)
[buster] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/2281
@@ -147931,7 +147931,7 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
{DSA-5411-1}
- - gpac <unfixed> (bug #1033116; bug #1051866)
+ - gpac <removed> (bug #1033116; bug #1051866)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
@@ -240863,7 +240863,7 @@ CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attack
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-33367.patch
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf
@@ -240871,13 +240871,13 @@ CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in
NOTE: Negligible security impact
CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5
NOTE: https://github.com/gpac/gpac/issues/1784
NOTE: Negligible security impact
CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7
@@ -240885,7 +240885,7 @@ CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC
NOTE: Negligible security impact
CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9
@@ -240904,7 +240904,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i
NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
{DSA-5411-1}
- - gpac <unfixed> (unimportant)
+ - gpac <removed> (unimportant)
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea19bb44dfda41dd9f44270ce00de1b187a86a3d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea19bb44dfda41dd9f44270ce00de1b187a86a3d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240727/750da7af/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list