From 5a375365a2ca1714a1538fbe7a9b79b001439063 Mon Sep 17 00:00:00 2001 From: Aron Xu Date: Fri, 26 May 2023 21:56:16 +0800 Subject: gpac DSA --- data/CVE/list | 64 ----------------------------------------------------- data/DSA/list | 3 +++ data/dsa-needed.txt | 2 -- 3 files changed, 3 insertions(+), 66 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index d0aa88d574..7b54830092 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -365,25 +365,21 @@ CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to con NOT-FOR-US: cu/silicon CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/ NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37 CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/ NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/ NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac (bug #1036701) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/ NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611 
@@ -17830,7 +17826,6 @@ CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilitie NOT-FOR-US: OpenNMS CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937 @@ -18274,13 +18269,11 @@ CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does n NOT-FOR-US: WordPress plugin CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff @@ -18848,7 +18841,6 @@ CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7 - ampache CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26 
@@ -30899,31 +30891,26 @@ CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_h NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10) CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2360 NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0) CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2359 NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0) CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2358 NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0) CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2357 NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0) CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2354 NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0) 
@@ -30935,7 +30922,6 @@ CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer ov NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0) CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2355 NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0) @@ -33866,13 +33852,11 @@ CVE-2022-47096 RESERVED CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2346 NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0) CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2345 NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0) @@ -33890,7 +33874,6 @@ CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer ove NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0) CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2343 NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0) 
@@ -33916,7 +33899,6 @@ CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in g NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0) CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2337 NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0) @@ -36471,7 +36453,6 @@ CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verif NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8) CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2333 NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908 @@ -39345,7 +39326,6 @@ CVE-2022-45344 RESERVED CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2315 NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4 @@ -39470,7 +39450,6 @@ CVE-2022-45284 RESERVED CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2295 NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df 
@@ -39639,7 +39618,6 @@ CVE-2022-45203 RESERVED CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2296 NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783 @@ -54713,7 +54691,6 @@ CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d NOT-FOR-US: jgraph/drawio CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) - gpac (bug #1033116) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf @@ -60566,7 +60543,6 @@ CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable NOT-FOR-US: FPT router CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...) - gpac 2.0.0+dfsg1-4 (bug #1019595) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2216 NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d @@ -67029,13 +67005,11 @@ CVE-2022-36192 RESERVED CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) - gpac 2.0.0+dfsg1-4 (bug #1019595) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2218 NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) - gpac 2.0.0+dfsg1-4 (bug #1019595) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2220 NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218 
@@ -67203,7 +67177,6 @@ CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1 NOT-FOR-US: Apache SkyWalking CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) - gpac 2.0.0+dfsg1-4 (bug #1015788) - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 @@ -81458,7 +81431,6 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.) NOTE: Crash in CLI tool, no security impact CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.) - gpac 2.0.0+dfsg1-4 (bug #1016443) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc @@ -85765,7 +85737,6 @@ CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmwar NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) - gpac 2.0.0+dfsg1-4 (bug #1016443) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2175 @@ -85959,7 +85930,6 @@ CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control i NOT-FOR-US: RESI Gemini-Net CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...) - gpac 2.0.0+dfsg1-4 (bug #1016443) - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2173 
@@ -88662,7 +88632,6 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio - phpipam (bug #731713) CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.) - gpac 2.0.0+dfsg1-4 (bug #1016443) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d @@ -92595,7 +92564,6 @@ CVE-2022-1036 (Able to create an account with long password leads to memory corr NOT-FOR-US: microweber CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) - gpac 2.0.0+dfsg1-4 (bug #1016443) - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b @@ -93164,7 +93132,6 @@ CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0) CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2109 @@ -93178,7 +93145,6 @@ CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overf NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0) CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0) 
@@ -93594,7 +93560,6 @@ CVE-2022-26968 RESERVED CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...) - gpac 2.0.0+dfsg1-4 (bug #1007224) - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2138 @@ -100697,14 +100662,12 @@ CVE-2022-24579 RESERVED CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/ NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0) CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/ @@ -100727,7 +100690,6 @@ CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0) CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/ @@ -109141,7 +109103,6 @@ CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to NOTE: Crash in CLI tool, no security impact CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2011 
@@ -109152,7 +109113,6 @@ CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the pr NOTE: Crash in CLI tool, no security impact CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2013 
@@ -109163,70 +109123,60 @@ CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to NOTE: Crash in CLI tool, no security impact CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2008 NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0) CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2005 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2007 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2006 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...) 
- gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2001 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2002 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2004 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2003 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1999 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2000 
@@ -110148,7 +110098,6 @@ CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13. NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1990 @@ -110290,7 +110239,6 @@ CVE-2021-45768 RESERVED CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1982 @@ -110301,21 +110249,18 @@ CVE-2021-45765 RESERVED CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1971 NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0) CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1974 NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0) CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1978 
@@ -110324,7 +110269,6 @@ CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address NOT-FOR-US: ROPium CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1966 @@ -111963,7 +111907,6 @@ CVE-2021-45298 RESERVED CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1973 @@ -111982,14 +111925,12 @@ CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to NOTE: Crash in CLI tool, no security impact CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1958 NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0) CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1955 @@ -112056,7 +111997,6 @@ CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Back - backdrop (bug #914257) CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1965 
@@ -112074,14 +112014,12 @@ CVE-2021-45264 RESERVED CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1975 NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0) CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1980 @@ -114949,7 +114887,6 @@ CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the clie NOTE: https://www.openssl.org/news/secadv/20211214.txt CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...) - gpac 2.0.0+dfsg1-2 - [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code introduced later, in version 0.7.0) [stretch] - gpac (Vulnerable code introduced later, in version 0.7.0) NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47 @@ -177663,7 +177600,6 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i NOTE: https://github.com/gpac/gpac/issues/1659 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...) - gpac 2.0.0+dfsg1-2 (bug #987374; bug #990691) - [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) - ccextractor 0.93+ds2-1 (bug #994746) diff --git a/data/DSA/list b/data/DSA/list index 8dce99c8d4..bb247aba81 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -1,6 +1,9 @@ [26 May 2023] DSA-5413-1 sniproxy - security update {CVE-2023-25076} [bullseye] - sniproxy 0.6.0-2+deb11u1 +[26 May 2023] DSA-5411-1 gpac - security update + {CVE-2020-35980 CVE-2021-4043 CVE-2021-21852 CVE-2021-33361 CVE-2021-33363 CVE-2021-33364 CVE-2021-33365 CVE-2021-33366 CVE-2021-36412 CVE-2021-36414 CVE-2021-36417 CVE-2021-40559 CVE-2021-40562 CVE-2021-40563 CVE-2021-40564 CVE-2021-40565 CVE-2021-40566 CVE-2021-40567 CVE-2021-40568 CVE-2021-40569 CVE-2021-40570 CVE-2021-40571 CVE-2021-40572 CVE-2021-40574 CVE-2021-40575 CVE-2021-40576 CVE-2021-40592 CVE-2021-40606 CVE-2021-40608 CVE-2021-40609 CVE-2021-40944 CVE-2021-41456 CVE-2021-41457 CVE-2021-41459 CVE-2021-45262 CVE-2021-45263 CVE-2021-45267 CVE-2021-45291 CVE-2021-45292 CVE-2021-45297 CVE-2021-45760 CVE-2021-45762 CVE-2021-45763 CVE-2021-45764 CVE-2021-45767 CVE-2021-45831 CVE-2021-46038 CVE-2021-46039 CVE-2021-46040 CVE-2021-46041 CVE-2021-46042 CVE-2021-46043 CVE-2021-46044 CVE-2021-46045 CVE-2021-46046 CVE-2021-46047 CVE-2021-46049 CVE-2021-46051 CVE-2022-1035 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795 CVE-2022-2454 CVE-2022-3222 CVE-2022-3957 CVE-2022-4202 CVE-2022-24574 CVE-2022-24577 CVE-2022-24578 CVE-2022-26967 CVE-2022-27145 CVE-2022-27147 CVE-2022-29537 CVE-2022-36190 CVE-2022-36191 CVE-2022-38530 CVE-2022-43255 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-47086 CVE-2022-47091 CVE-2022-47094 CVE-2022-47095 CVE-2022-47657 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0770 CVE-2023-0818 CVE-2023-0819 CVE-2023-0866 CVE-2023-1448 CVE-2023-1449 CVE-2023-1452 CVE-2023-1654 CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145} + [bullseye] - gpac 1.0.1+dfsg1-4+deb11u2 [24 May 2023] DSA-5410-1 sofia-sip - security update {CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741} [bullseye] - sofia-sip 1.12.11+20110422.1-2.1+deb11u1 
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index d5f86294d4..d59d3c2523 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -20,8 +20,6 @@ cinder -- docker-registry (jmm) -- -gpac (aron) --- jupyter-core Maintainer asked for availability to prepare updates -- -- cgit v1.2.3
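Review bot: The data/CVE/list hunks do not cover every id in the CVE set added for DSA-5411-1. The diffstat shows 64 removed lines there, while the {…} list in data/DSA/list names more ids than that, and entries such as CVE-2021-21852, CVE-2022-3957 and CVE-2022-43255 have no hunk in data/CVE/list. Please confirm that none of the untouched gpac entries still carries a bullseye line that would sit beside the fixed version 1.0.1+dfsg1-4+deb11u2. If one does, it needs the same one-line removal as the entries changed here.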
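Review bot: In the data/DSA/list hunk, the new DSA-5411-1 entry lands directly between the context entries DSA-5413-1 and DSA-5410-1, so this part of the list carries no DSA-5412-1. Please confirm that 5412 is accounted for and that the gap is expected at this commit. The subject "gpac DSA" would also be easier to find in the log if it named the advisory, for example "DSA-5411-1 gpac", matching the entry added here and the "gpac (aron)" line dropped from data/dsa-needed.txt.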