-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Jan 2020 13:17:16 +0100 Source: gpac Binary: gpac gpac-dbg gpac-modules-base libgpac3 libgpac-dbg libgpac-dev Architecture: source amd64 Version: 0.5.0+svn5324~dfsg1-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: gpac - GPAC Project on Advanced Content - utilities gpac-dbg - GPAC Project on Advanced Content - debugging symbols gpac-modules-base - GPAC Project on Advanced Content - modules libgpac-dbg - GPAC Project on Advanced Content - debugging symbols for libgpac3 libgpac-dev - GPAC Project on Advanced Content - development files libgpac3 - GPAC Project on Advanced Content - shared libraries Changes: gpac (0.5.0+svn5324~dfsg1-1+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-20161: heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. * CVE-2019-20162: heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. * CVE-2019-20163: NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. * CVE-2019-20165: NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. * CVE-2019-20170: invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. * CVE-2019-20171: memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. * CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. * CVE-2019-20168: use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. * CVE-2019-20169: use-after-free in the function trak_Read() in isomedia/box_code_base.c. Checksums-Sha1: 39565addf58a6271511493ea63ee3411d3fdd841 2431 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 576ca9d9ad896639b0bf4b61ac58ca6ab9a84845 40184 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 0f45ca543dedf827e9f4654d12789a4d78194276 245412 gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 36643dc5909eb0c3b4632777a8c4ee2db44bcf77 1284442 gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 620c4386e105be061172931f2e2a8fe6b0ee68ee 234192 gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb a8a21d9d778711aa430a267435d8845457a98d9a 1486086 libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb fc226170877b332bba089c55a46e0e4cc5a357b2 4839074 libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 2497b174e24aaeb44189e81834600b0013901d99 1985068 libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb Checksums-Sha256: ed2165d9a9f9763d9bdce738456140d4d4e955214f857e4b8e98aaf4b06b0ed4 2431 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 73e6e7449307ecdf2fa6cba6158838c6503caf64145c4d99ce6d08b5ca32677e 40184 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 5700a7434bcbfa7c73ea1edc8e103f63a444d054963b023e0179967da0c018a9 245412 gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 9230709ffca25755bbaa7914005a4fa1164fb515e209c2915e6ffc82d40fbb62 1284442 gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 5926503c597796133460046ebd8a011055a6eb6fbcd11a265d298c31810c79fa 234192 gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb d9f130d93df539d70cb5e45599517cf7a474617db397465246c7a01da699b6a4 1486086 libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 6e96b480a6a080ffe0e49eb8bb1f64393b219515b65970cc1d132b82318c932e 4839074 libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb f35c8ef06d9d33a8fd62d6401fa07e4787116070748d27e8245d55686f049f05 1985068 libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb Files: 27ab058c58b40fb23d6c6e2395ef636d 2431 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 5090537d06128da952f95269acec2bd3 40184 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 4cfab1145d04a112bfdda76ae931bc80 245412 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb dc3ef98b49deb9ccefcbd252bdf02c3e 1284442 debug extra gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb d9604af72b61d146b7a29145d3b9e12a 234192 graphics optional gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 727f4e1c08f081a61fc2de7ae5da066f 1486086 libs optional libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 8991f571e1c82639bd97a93df6b2ce6c 4839074 debug extra libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 91f9dda08c34c3fed7ed435c6d3fe861 1985068 libdevel optional libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl4lokQACgkQj/HLbo2J BZ+DtwgAgJmGmuVWNu5MzSTnO8ywnWQvpnAf8MCgjWtamGreO37YZYdF/CvH+2lz 9sKYJAYHuFGJe8kYWBgZ1ofTBjZXSDzNwv4t2+CiIM8zO7zr1sSpO45Gp5nuH46J Xlhqbl6PiziEOOiBr8AH1JoGcLpDZ1NoofV5/gZwxKsvRJK4HIQsg0XiOSmUzcBy wz5/d2+2s4ER8d9duvsyUSemZZhxioDBuSN+132U2lD6/Mo3C/rxEclr6oYam/lI GdueGW8S93Xtx/OqNVRvLstGPjnedO6Wlp4cdsLy+02G2kZRPHfqiFllbLSdEfyo qiJIDSh+JHrDGSAOhKvBInKviw72Tw== =yoAN -----END PGP SIGNATURE-----
