ccextractor - Debian Package Tracker

general

source: ccextractor (main)
version: 0.94+ds1-1
maintainer: Freexian Packaging Team (DMD)
uploaders: Raphaël Hertzog [DMD] – Sophie Brun [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.87+ds1-1
stable: 0.88+ds1-1
unstable: 0.94+ds1-1

versioned links

0.87+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.88+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.94+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ccextractor (1 bugs: 0, 1, 0, 0)

action needed

1 binary package has unsatisfiable dependencies high

The dependencies of ccextractor=0.94+ds1-1+b1 cannot be satisfied in unstable on s390x, armhf, mips64el, ppc64el, i386, amd64, arm64, armel, and mipsel because: unsatisfied dependency on libavcodec58 (>= 7:4.4)

Created: 2022-12-31 Last update: 2023-05-17 11:30

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2022-07-08 Last update: 2023-05-17 11:08

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 06a30a551322eea925c8d32a6d4d250cf7dd5d99
Merge: f363cb4 6d16b29
Author: Neil Williams <codehelp@debian.org>
Date:   Tue Apr 5 07:38:19 2022 +0000

    Merge branch 'master' into 'master'
    
    Use the default gcc instead of hardcoding a specific version
    
    See merge request freexian-team/packages/ccextractor!3

commit 6d16b29e46357529e550c1438f2d4463caac0010
Author: Adrian Bunk <bunk@debian.org>
Date:   Fri Mar 4 20:11:37 2022 +0200

    Use the default gcc instead of hardcoding a specific version
    
    Several versions ago there was a problem with gcc 11 that resulted
    in hardcoding of gcc 10, any hardcoding should now be removed
    (the gcc-10 -> gcc-11 change from commit 54da67f2 would have caused
    a FTBFS when gcc 12 becomes default).

Created: 2022-04-05 Last update: 2023-05-13 18:30

piuparts found (un)installation error(s) normal

Piuparts stresses package installation, uninstallation, upgrade, ... While doing such tests, one or more errors were found for the following suites:

sid - piuparts

You should fix them.

Created: 2023-03-26 Last update: 2023-03-26 10:36

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-02 Last update: 2023-02-02 11:49

23 low-priority security issues in bullseye low

There are 23 open security issues in bullseye.

23 issues left for the package maintainer to handle:

CVE-2020-6630: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2018-21015: (needs triaging) AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-12481: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12482: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12483: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-13618: (needs triaging) In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-20161: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20162: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2019-20170: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
CVE-2019-20208: (needs triaging) dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2020-19751: (needs triaging) An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
CVE-2020-24829: (needs triaging) An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
CVE-2020-35981: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2021-21852: (needs triaging) Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-28300: (needs triaging) NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
CVE-2021-30014: (needs triaging) There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
CVE-2021-31258: (needs triaging) The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31260: (needs triaging) The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32137: (needs triaging) Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32440: (needs triaging) The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-33362: (needs triaging) Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-03-27 11:06

debian/patches: 7 patches to forward upstream low

Among the 7 debian patches available in version 0.94+ds1-1 of the package, we noticed the following issues:

7 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-02-27 20:59

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-12-17 19:17

testing migrations

excuses:
- Migrates after: gpac
- Migration status for ccextractor (- to 0.94+ds1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ ccextractor/amd64 has unsatisfiable dependency
- ∙ ∙ ccextractor/arm64 has unsatisfiable dependency
- ∙ ∙ ccextractor/armel has unsatisfiable dependency
- ∙ ∙ ccextractor/armhf has unsatisfiable dependency
- ∙ ∙ ccextractor/i386 has unsatisfiable dependency
- ∙ ∙ ccextractor/mips64el has unsatisfiable dependency
- ∙ ∙ ccextractor/mipsel has unsatisfiable dependency
- ∙ ∙ ccextractor/ppc64el has unsatisfiable dependency
- ∙ ∙ ccextractor/s390x has unsatisfiable dependency
- ∙ ∙ Updating ccextractor would introduce bugs in testing: #1004581
- ∙ ∙ blocked by freeze: is not in testing
- ∙ ∙ Build-Depends(-Arch): ccextractor gpac
- Additional info:
- ∙ ∙ Cannot be tested by piuparts (not a blocker) - https://piuparts.debian.org/sid/source/c/ccextractor.html
- ∙ ∙ uninstallable on arch amd64, not running autopkgtest there
- ∙ ∙ uninstallable on arch arm64, not running autopkgtest there
- ∙ ∙ uninstallable on arch armel, not running autopkgtest there
- ∙ ∙ uninstallable on arch armhf, not running autopkgtest there
- ∙ ∙ uninstallable on arch i386, not running autopkgtest there
- ∙ ∙ uninstallable on arch ppc64el, not running autopkgtest there
- ∙ ∙ uninstallable on arch s390x, not running autopkgtest there
- ∙ ∙ 408 days old (needed 20 days)
- Not considered

news

[rss feed]

[2022-07-09] ccextractor REMOVED from testing (Debian testing watch)
[2022-04-09] ccextractor 0.94+ds1-1 MIGRATED to testing (Debian testing watch)
[2022-04-04] Accepted ccextractor 0.94+ds1-1 (source) into unstable (Neil Williams)
[2022-03-21] ccextractor 0.93+ds2-2 MIGRATED to testing (Debian testing watch)
[2022-03-16] Accepted ccextractor 0.93+ds2-2 (source) into unstable (Neil Williams)
[2021-09-26] ccextractor 0.93+ds2-1 MIGRATED to testing (Debian testing watch)
[2021-09-21] Accepted ccextractor 0.93+ds2-1 (source) into unstable (Neil Williams)
[2021-09-16] Accepted ccextractor 0.93+ds1-1 (source) into unstable (Neil Williams)
[2020-08-12] ccextractor 0.88+ds1-1 MIGRATED to testing (Debian testing watch)
[2020-08-07] Accepted ccextractor 0.88+ds1-1 (source) into unstable (Sebastien Delafond)
[2020-08-07] ccextractor REMOVED from testing (Debian testing watch)
[2018-12-05] ccextractor 0.87+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-11-30] Accepted ccextractor 0.87+ds1-1 (source) into unstable (Raphaël Hertzog)
[2018-09-11] ccextractor 0.86+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-09-06] Accepted ccextractor 0.86+ds1-2 (source) into unstable (Sophie Brun) (signed by: Raphaël Hertzog)
[2018-04-30] ccextractor 0.86+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-24] Accepted ccextractor 0.86+ds1-1 (source amd64) into unstable, unstable (Sophie Brun) (signed by: Raphaël Hertzog)

bugs [bug history graph]

all: 3
RC: 1
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, debcheck, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches