LTS: mark CVE-2020-11558/gpac as <not-affected> for stretch and buster

author: Roberto C. Sánchez <roberto@debian.org> 2022-01-07 17:01:56 -0500
committer: Roberto C. Sánchez <roberto@debian.org> 2022-01-07 17:01:56 -0500
commit: 57e0f2f3676898520fb401888217bb53ace62bd7 (patch)
tree: e1f104c593a12654b67aee95f571671cac738978 /data/CVE/list.2020
parent: 07314a3257045bdd4b17bc19fe64a9388cf6a335 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index b2327158bd..cb1c9f826d 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -45806,11 +45806,12 @@ CVE-2020-11559
 	RESERVED
 CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
 	- gpac 1.0.1+dfsg1-2 (bug #972053)
-	[buster] - gpac <no-dsa> (Minor issue)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
 	NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
 	NOTE: https://github.com/gpac/gpac/issues/1440
+	NOTE: Introduced by https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649
 CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
 	NOT-FOR-US: Castle Rock SNMPc
 CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
author	Roberto C. Sánchez <roberto@debian.org>	2022-01-07 17:01:56 -0500
committer	Roberto C. Sánchez <roberto@debian.org>	2022-01-07 17:01:56 -0500
commit	57e0f2f3676898520fb401888217bb53ace62bd7 (patch)
tree	e1f104c593a12654b67aee95f571671cac738978 /data/CVE/list.2020
parent	07314a3257045bdd4b17bc19fe64a9388cf6a335 (diff)