ccextractor - Debian Package Tracker

general

source: ccextractor (main)
version: 0.94+ds1-2
maintainer: Freexian Packaging Team (DMD)
uploaders: Sophie Brun [DMD] – Raphaël Hertzog [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.87+ds1-1
oldstable: 0.88+ds1-1
unstable: 0.94+ds1-2

versioned links

0.87+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.88+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.94+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ccextractor (1 bugs: 0, 1, 0, 0)

action needed

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2023-06-26 Last update: 2023-09-30 07:37

Depends on packages which need a new maintainer normal

The packages that ccextractor depends on which need a new maintainer are:

gpac (#1038784)
- Depends: libgpac12
- Build-Depends: libgpac-dev

Created: 2023-06-21 Last update: 2023-09-30 06:18

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-02 Last update: 2023-02-02 11:49

debian/patches: 7 patches to forward upstream low

Among the 9 debian patches available in version 0.94+ds1-2 of the package, we noticed the following issues:

7 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-06-21 10:32

23 low-priority security issues in bullseye low

There are 23 open security issues in bullseye.

23 issues left for the package maintainer to handle:

CVE-2020-6630: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2018-21015: (needs triaging) AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-12481: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12482: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12483: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-13618: (needs triaging) In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-20161: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20162: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2019-20170: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
CVE-2019-20208: (needs triaging) dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2020-19751: (needs triaging) An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
CVE-2020-24829: (needs triaging) An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
CVE-2020-35981: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2021-21852: (needs triaging) Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-28300: (needs triaging) NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
CVE-2021-30014: (needs triaging) There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
CVE-2021-31258: (needs triaging) The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31260: (needs triaging) The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32137: (needs triaging) Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32440: (needs triaging) The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-33362: (needs triaging) Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-06-21 04:44

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).

Created: 2022-05-11 Last update: 2023-06-21 08:19

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: gpac
- Migration status for ccextractor (- to 0.94+ds1-2): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): ccextractor gpac (not considered)
- ∙ ∙ Depends: ccextractor gpac (not considered)
- ∙ ∙ Invalidated by build-dependency
- ∙ ∙ Invalidated by dependency
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/ccextractor.html
- ∙ ∙ 101 days old (needed 5 days)
- Not considered

news

[rss feed]

[2023-06-20] Accepted ccextractor 0.94+ds1-2 (source) into unstable (Utkarsh Gupta)
[2022-07-09] ccextractor REMOVED from testing (Debian testing watch)
[2022-04-09] ccextractor 0.94+ds1-1 MIGRATED to testing (Debian testing watch)
[2022-04-04] Accepted ccextractor 0.94+ds1-1 (source) into unstable (Neil Williams)
[2022-03-21] ccextractor 0.93+ds2-2 MIGRATED to testing (Debian testing watch)
[2022-03-16] Accepted ccextractor 0.93+ds2-2 (source) into unstable (Neil Williams)
[2021-09-26] ccextractor 0.93+ds2-1 MIGRATED to testing (Debian testing watch)
[2021-09-21] Accepted ccextractor 0.93+ds2-1 (source) into unstable (Neil Williams)
[2021-09-16] Accepted ccextractor 0.93+ds1-1 (source) into unstable (Neil Williams)
[2020-08-12] ccextractor 0.88+ds1-1 MIGRATED to testing (Debian testing watch)
[2020-08-07] Accepted ccextractor 0.88+ds1-1 (source) into unstable (Sebastien Delafond)
[2020-08-07] ccextractor REMOVED from testing (Debian testing watch)
[2018-12-05] ccextractor 0.87+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-11-30] Accepted ccextractor 0.87+ds1-1 (source) into unstable (Raphaël Hertzog)
[2018-09-11] ccextractor 0.86+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-09-06] Accepted ccextractor 0.86+ds1-2 (source) into unstable (Sophie Brun) (signed by: Raphaël Hertzog)
[2018-04-30] ccextractor 0.86+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-24] Accepted ccextractor 0.86+ds1-1 (source amd64) into unstable, unstable (Sophie Brun) (signed by: Raphaël Hertzog)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches