LTS: mark CVE-2019-20165/gpac as <not-affected> for stretch and buster

author: Roberto C. Sánchez <roberto@debian.org> 2022-01-04 21:47:37 -0500
committer: Roberto C. Sánchez <roberto@debian.org> 2022-01-04 21:47:37 -0500
commit: 9c12bb9a8d2ffb9eb9b15ed9095b7018909d9231 (patch)
tree: e04f45d9dde36977bbc53531eae3c8e390fdcc8a
parent: b42a69e1447b7dcd4ec30b3b1b4a80604784bf0d (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index f2c191388a..647d1afb9b 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -2196,10 +2196,11 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
 	{DLA-2072-1}
 	- gpac 1.0.1+dfsg1-2 (bug #972053)
-	[buster] - gpac <no-dsa> (Minor issue)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	NOTE: https://github.com/gpac/gpac/issues/1338
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
+	NOTE: Introduced by https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf
 CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
 	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
 	NOTE: https://github.com/gpac/gpac/issues/1332
author	Roberto C. Sánchez <roberto@debian.org>	2022-01-04 21:47:37 -0500
committer	Roberto C. Sánchez <roberto@debian.org>	2022-01-04 21:47:37 -0500
commit	9c12bb9a8d2ffb9eb9b15ed9095b7018909d9231 (patch)
tree	e04f45d9dde36977bbc53531eae3c8e390fdcc8a
parent	b42a69e1447b7dcd4ec30b3b1b4a80604784bf0d (diff)