Debian Package Tracker

general

source: gpac (main)
version: 0.5.2-426-gc5ad4e4+dfsg5-5
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Reinhard Tartler [DMD] – Alessio Treglia [DMD] – Balint Reczey [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.5.0+svn5324~dfsg1-1
o-o-sec: 0.5.0+svn5324~dfsg1-1+deb8u5
oldstable: 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
stable: 0.5.2-426-gc5ad4e4+dfsg5-5
testing: 0.5.2-426-gc5ad4e4+dfsg5-5
unstable: 0.5.2-426-gc5ad4e4+dfsg5-5
exp: 0.7.1+dfsg1-3

versioned links

0.5.0+svn5324~dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.0+svn5324~dfsg1-1+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gpac (4 bugs: 0, 2, 2, 0)
gpac-modules-base
libgpac-dev
libgpac4

action needed

A new upstream version is available: 0.8.0 high

A new upstream version 0.8.0 is available, you should consider packaging it.

Created: 2020-05-03 Last update: 2020-05-27 20:01

21 security issues in buster high

There are 21 open security issues in buster.

3 important issues:

CVE-2019-20161: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20162: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2020-11558: An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.

18 issues skipped by the security teams:

CVE-2019-20631: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20630: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20632: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-12483: An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2018-21016: audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2018-21015: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-20165: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
CVE-2019-20163: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
CVE-2020-6630: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2019-20629: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20628: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-13618: In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-12482: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12481: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2019-20170: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.

Please fix them.

Created: 2019-06-02 Last update: 2020-05-25 19:35

21 security issues in bullseye high

There are 21 open security issues in bullseye.

21 important issues:

CVE-2019-20631: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20630: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20632: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-12483: An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2018-21016: audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2018-21015: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-20165: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
CVE-2019-20161: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20163: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
CVE-2019-20162: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2020-6630: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2019-20629: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20628: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-13618: In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2020-11558: An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.
CVE-2019-12482: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12481: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2019-20170: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.

Please fix them.

Created: 2019-07-07 Last update: 2020-05-25 19:35

21 security issues in sid high

There are 21 open security issues in sid.

21 important issues:

CVE-2019-20631: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20630: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20632: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-12483: An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2018-21016: audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2018-21015: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-20165: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
CVE-2019-20161: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20163: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
CVE-2019-20162: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2020-6630: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2019-20629: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20628: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-13618: In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2020-11558: An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.
CVE-2019-12482: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12481: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2019-20170: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.

Please fix them.

Created: 2019-06-02 Last update: 2020-05-25 19:35

23 security issues in stretch high

There are 23 open security issues in stretch.

3 important issues:

CVE-2019-20161: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20162: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2020-11558: An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.

20 issues skipped by the security teams:

CVE-2019-20631: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20630: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20632: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-12483: An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2018-21016: audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2018-21015: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-11222: gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
CVE-2019-11221: GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
CVE-2019-20165: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
CVE-2019-20163: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
CVE-2020-6630: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2019-20629: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20628: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-13618: In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-12482: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12481: An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2019-20170: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.

Please fix them.

Created: 2018-03-08 Last update: 2020-05-25 19:35

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 3.9.8).

Created: 2018-04-16 Last update: 2020-01-21 05:06

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-05-28 01:31

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:03

7 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 711ae65a47384b18753e45394caaf905b6b291d0
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:52:18 2019 -0400

    debian/changelog: Update for experimental

commit 1331dfa0d9f542f60718d06fea9e0b45cf6c2ba7
Merge: 94f9b9a68 5b2f0da57
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:46:54 2019 -0400

    Merge branch 'master' into experimental

commit 5b2f0da57623c16a14e60eda002ca00ccc3f8d30
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:41:32 2019 -0400

    debian/changelog: Fix email address

commit 5f5a3bea41849286d8431e558367bbf97368c613
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Apr 12 21:23:57 2019 -0400

    Prepare new upload
    
    * Bug fix: "CVE-2019-11222: Buffer-overflow in gf_bin128_parse", thanks
      to Salvatore Bonaccorso (Closes: #926961).
    * Bug fix: "CVE-2019-11221: buffer-overflow issue in gf_import_message()
      in media_import.c", thanks to Salvatore Bonaccorso (Closes: #926963).

commit 94f9b9a68fa2d230f72c5f66ab2456fc4d8e32e3
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Apr 7 10:54:31 2019 -0400

    debian/changelog: Upload to experimental

commit 4c8e357bb0cf6cde4c6ee115dc9b2a01df668516
Merge: fffa1991e d92c6b0ba
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Apr 7 10:52:54 2019 -0400

    Merge branch 'master' into experimental

commit d92c6b0ba3ddf7f910e9efd8ee047de8975a2929
Author: Moritz Muehlenhoff <jmm@debian.org>
Date:   Mon Apr 1 23:07:02 2019 +0200

    Import Debian changes 0.5.2-426-gc5ad4e4+dfsg5-4.1
    
    gpac (0.5.2-426-gc5ad4e4+dfsg5-4.1) unstable; urgency=medium
    
      * CVE-2018-7752 (Closes: #892526)
      * CVE-2018-13005, CVE-2018-13006 (Closes: #902782)
      * CVE-2018-20760, CVE-2018-20761, CVE-2018-20762, CVE-2018-20763
        (Closes: #921969)

Created: 2018-08-06 Last update: 2020-05-20 18:04

7 ignored security issues in jessie low

There are 7 open security issues in jessie.

7 issues skipped by the security teams:

CVE-2019-20631: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20630: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20632: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVE-2020-6630: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2019-20629: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVE-2019-20628: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

Please fix them.

Created: 2019-07-17 Last update: 2020-05-25 19:35

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2016-04-09 Last update: 2016-04-09 19:00

testing migrations

This package will soon be part of the auto-gpac transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-01-20] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u5 (source amd64) into oldoldstable (Sylvain Beucler)
[2019-06-30] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u4 (source amd64) into oldstable (Thorsten Alteholz)
[2019-04-25] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u3 (source amd64) into oldstable (Thorsten Alteholz)
[2019-04-17] gpac 0.5.2-426-gc5ad4e4+dfsg5-5 MIGRATED to testing (Debian testing watch)
[2019-04-16] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1 (source) into testing->embargoed, testing (Salvatore Bonaccorso)
[2019-04-16] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1 (source) into testing-proposed-updates (Salvatore Bonaccorso)
[2019-04-14] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2019-04-13] Accepted gpac 0.7.1+dfsg1-3 (source) into experimental (Reinhard Tartler)
[2019-04-13] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (source) into unstable (Reinhard Tartler)
[2019-04-10] Accepted gpac 0.7.1+dfsg1-2 (amd64 source) into experimental, experimental (Reinhard Tartler)
[2019-04-07] gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 MIGRATED to testing (Debian testing watch)
[2019-04-01] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (source amd64) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2019-02-27] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u2 (source amd64) into oldstable (Thorsten Alteholz)
[2018-07-19] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u1 (source) into oldstable (Brian May)
[2018-05-31] gpac 0.5.2-426-gc5ad4e4+dfsg5-4 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-4 (source) into unstable (James Cowgill)
[2016-08-10] gpac 0.5.2-426-gc5ad4e4+dfsg5-3 MIGRATED to testing (Debian testing watch)
[2016-08-04] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-3 (source) into unstable (James Cowgill)
[2016-04-01] gpac 0.5.2-426-gc5ad4e4+dfsg5-2 MIGRATED to testing (Debian testing watch)
[2016-03-09] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-2 (source) into unstable (Sebastian Ramacher)
[2015-07-15] gpac 0.5.2-426-gc5ad4e4+dfsg5-1 MIGRATED to testing (Britney)
[2015-07-09] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-1 (source amd64) into unstable, unstable (Alessio Treglia)
[2015-07-04] gpac 0.5.2-426-gc5ad4e4~dfsg4-1 MIGRATED to testing (Britney)
[2015-06-28] Accepted gpac 0.5.2-426-gc5ad4e4~dfsg4-1 (source) into unstable (Balint Reczey)
[2014-08-06] gpac 0.5.0+svn5324~dfsg1-1 MIGRATED to testing (Britney)
[2014-07-31] Accepted gpac 0.5.0+svn5324~dfsg1-1 (source amd64) into unstable (Alessio Treglia)
[2014-07-19] gpac 0.5.0+svn5294~dfsg1-1 MIGRATED to testing (Britney)
[2014-07-08] Accepted gpac 0.5.0+svn5294~dfsg1-1 (source amd64) (Alessio Treglia)
[2014-07-07] Accepted gpac 0.5.0+svn5194~dfsg1-4 (source amd64) (Alessio Treglia)
[2014-06-04] gpac 0.5.0+svn5194~dfsg1-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 8
RC: 0
I&N: 6
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian (0, 4)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.5.2-426-gc5ad4e4+dfsg5-5
6 bugs