[Git][security-tracker-team/security-tracker][master] new gpac issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 12:40:35 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3aefc907 by Moritz Muehlenhoff at 2026-06-27T13:40:14+02:00
new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1073,9 +1073,11 @@ CVE-2025-71327 (Flowise contains an authentication bypass vulnerability in the u
 CVE-2025-71324 (Flowise before 3.0.6 contains an arbitrary file read vulnerability in  ...)
 	NOT-FOR-US: Flowise
 CVE-2025-60465 (A use-after-free in the gf_filter_pid_inst_swap function (/filter_core ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal function (/fil ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-10268 (The Printcart Web to Print Product Designer for WooCommerce WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-47987 (Parse Server before 4.10.0 was affected by a supply chain incident in  ...)
@@ -2727,17 +2729,23 @@ CVE-2025-8106
 CVE-2025-64719 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, a mal ...)
 	TODO: check
 CVE-2025-60474 (A buffer overflow in the gf_media_import function (/media_tools/av_par ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60473 (A NULL pointer dereference in the gf_filter_in_parent_chain function ( ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60471 (A use-after-free in the gf_filter_pid_reconfigure_task_discard functio ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60468 (GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev159 ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60467 (A use-after-free in the gf_filter_pid_inst_swap_delete_task function ( ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-60466 (A use-after-free in the gf_filter_pid_get_packet function (/filter_cor ...)
-	TODO: check
+	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2026-13201 (A flaw was found in KubeVirt's safepath package used by virt-handler.  ...)
 	NOT-FOR-US: KubeVirt
 CVE-2026-13208 (A flaw was found in KubeVirt's virt-handler domain notify server. The  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3aefc907756b5acdcc05dab40286ee15f0c7a749

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3aefc907756b5acdcc05dab40286ee15f0c7a749
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/332ceaca/attachment.htm>


More information about the debian-security-tracker-commits mailing list