diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-21 11:51:27 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-21 11:51:27 +0100 |
| commit | 0cc95158dd2d1d44f3d703aa103197b881602313 (patch) | |
| tree | 83666e895ed84c0f30d8d7feb4a041fe5f44e369 | |
| parent | 12e6e0a6c3a1ecd59f962ff6751f21cd5749f083 (diff) | |
Track fixes via experimental for various gpac affecting CVEs
| -rw-r--r-- | data/CVE/2018.list | 2 | ||||
| -rw-r--r-- | data/CVE/2019.list | 15 | ||||
| -rw-r--r-- | data/CVE/2020.list | 3 |
3 files changed, 20 insertions, 0 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 9f5ad57ecf..efbd537fae 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -543,6 +543,7 @@ CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_b NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.) CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #940882) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -550,6 +551,7 @@ CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13 CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #940882) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index ca4d808229..c5bab8f522 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -732,6 +732,7 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied) NOTE: https://savannah.gnu.org/bugs/index.php?56683 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -739,6 +740,7 @@ CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1271 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -746,6 +748,7 @@ CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1270 CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -753,6 +756,7 @@ CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1268 CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -760,6 +764,7 @@ CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as de NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 NOTE: https://github.com/gpac/gpac/issues/1264 CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1759,6 +1764,7 @@ CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and E NOT-FOR-US: themes for WordPress CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1863,6 +1869,7 @@ CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1889,6 +1896,7 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2) CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1900,6 +1908,7 @@ CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2) CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1907,6 +1916,7 @@ CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4) CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -1914,6 +1924,7 @@ CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -18896,6 +18907,7 @@ CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9 CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...) {DLA-2072-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (low; bug #932242) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -21932,6 +21944,7 @@ CVE-2019-12484 RESERVED CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...) {DLA-1841-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #931088) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -21939,6 +21952,7 @@ CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buf NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...) {DLA-1841-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #931088) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -21946,6 +21960,7 @@ CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...) {DLA-1841-1} + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #931088) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 159742c4b9..cedb17413d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -38427,6 +38427,7 @@ CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the clea CVE-2020-11559 RESERVED CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -50291,6 +50292,7 @@ CVE-2020-6633 CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...) NOT-FOR-US: PrestaShop CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) @@ -50299,6 +50301,7 @@ CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL po NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) + [experimental] - gpac 1.0.1+dfsg1-1 - gpac <unfixed> (bug #972053) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) |