Debian Package Tracker

general

source: gpac (main)
version: 0.5.2-426-gc5ad4e4+dfsg5-5
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Reinhard Tartler [DMD] – Alessio Treglia [DMD] – Balint Reczey [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.5.0+svn5324~dfsg1-1
old-sec: 0.5.0+svn5324~dfsg1-1+deb8u2
stable: 0.5.2-426-gc5ad4e4+dfsg5-3
stable-p-u: 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
testing: 0.5.2-426-gc5ad4e4+dfsg5-5
test-sec: 0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1
unstable: 0.5.2-426-gc5ad4e4+dfsg5-5
exp: 0.7.1+dfsg1-3

versioned links

0.5.0+svn5324~dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.0+svn5324~dfsg1-1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.2-426-gc5ad4e4+dfsg5-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.7.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gpac
gpac-modules-base
libgpac-dev
libgpac4

action needed

A new upstream version is available: 0.7.1 high

A new upstream version 0.7.1 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-04-20 23:06

2 security issues in jessie high

There are 2 open security issues in jessie.

2 important issues:

CVE-2019-11221: GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
CVE-2019-11222: gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

Please fix them.

Created: 2019-04-13 Last update: 2019-04-17 06:08

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2018-04-16 Last update: 2019-04-14 08:00

7 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 711ae65a47384b18753e45394caaf905b6b291d0
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:52:18 2019 -0400

    debian/changelog: Update for experimental

commit 1331dfa0d9f542f60718d06fea9e0b45cf6c2ba7
Merge: 94f9b9a68 5b2f0da57
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:46:54 2019 -0400

    Merge branch 'master' into experimental

commit 5b2f0da57623c16a14e60eda002ca00ccc3f8d30
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Apr 13 16:41:32 2019 -0400

    debian/changelog: Fix email address

commit 5f5a3bea41849286d8431e558367bbf97368c613
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Apr 12 21:23:57 2019 -0400

    Prepare new upload
    
    * Bug fix: "CVE-2019-11222: Buffer-overflow in gf_bin128_parse", thanks
      to Salvatore Bonaccorso (Closes: #926961).
    * Bug fix: "CVE-2019-11221: buffer-overflow issue in gf_import_message()
      in media_import.c", thanks to Salvatore Bonaccorso (Closes: #926963).

commit 94f9b9a68fa2d230f72c5f66ab2456fc4d8e32e3
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Apr 7 10:54:31 2019 -0400

    debian/changelog: Upload to experimental

commit 4c8e357bb0cf6cde4c6ee115dc9b2a01df668516
Merge: fffa1991e d92c6b0ba
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Apr 7 10:52:54 2019 -0400

    Merge branch 'master' into experimental

commit d92c6b0ba3ddf7f910e9efd8ee047de8975a2929
Author: Moritz Muehlenhoff <jmm@debian.org>
Date:   Mon Apr 1 23:07:02 2019 +0200

    Import Debian changes 0.5.2-426-gc5ad4e4+dfsg5-4.1
    
    gpac (0.5.2-426-gc5ad4e4+dfsg5-4.1) unstable; urgency=medium
    
      * CVE-2018-7752 (Closes: #892526)
      * CVE-2018-13005, CVE-2018-13006 (Closes: #902782)
      * CVE-2018-20760, CVE-2018-20761, CVE-2018-20762, CVE-2018-20763
        (Closes: #921969)

Created: 2018-08-06 Last update: 2019-04-21 01:07

9 ignored security issues in stretch low

There are 9 open security issues in stretch.

9 issues skipped by the security teams:

CVE-2018-13006: An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
CVE-2018-20760: In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
CVE-2018-20761: GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.
CVE-2018-13005: An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
CVE-2018-7752: GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
CVE-2018-20763: In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
CVE-2019-11221: GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
CVE-2019-11222: gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
CVE-2018-20762: GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

Please fix them.

Created: 2018-03-08 Last update: 2019-04-17 06:08

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2016-04-09 Last update: 2016-04-09 19:00

testing migrations

This package will soon be part of the auto-gpac transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-04-17] gpac 0.5.2-426-gc5ad4e4+dfsg5-5 MIGRATED to testing (Debian testing watch)
[2019-04-16] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1 (source) into testing->embargoed, testing (Salvatore Bonaccorso)
[2019-04-16] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5~deb10u1 (source) into testing-proposed-updates (Salvatore Bonaccorso)
[2019-04-14] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2019-04-13] Accepted gpac 0.7.1+dfsg1-3 (source) into experimental (Reinhard Tartler)
[2019-04-13] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (source) into unstable (Reinhard Tartler)
[2019-04-10] Accepted gpac 0.7.1+dfsg1-2 (amd64 source) into experimental, experimental (Reinhard Tartler)
[2019-04-07] gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 MIGRATED to testing (Debian testing watch)
[2019-04-01] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (source amd64) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2019-02-27] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u2 (source amd64) into oldstable (Thorsten Alteholz)
[2018-07-19] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u1 (source) into oldstable (Brian May)
[2018-05-31] gpac 0.5.2-426-gc5ad4e4+dfsg5-4 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-4 (source) into unstable (James Cowgill)
[2016-08-10] gpac 0.5.2-426-gc5ad4e4+dfsg5-3 MIGRATED to testing (Debian testing watch)
[2016-08-04] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-3 (source) into unstable (James Cowgill)
[2016-04-01] gpac 0.5.2-426-gc5ad4e4+dfsg5-2 MIGRATED to testing (Debian testing watch)
[2016-03-09] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-2 (source) into unstable (Sebastian Ramacher)
[2015-07-15] gpac 0.5.2-426-gc5ad4e4+dfsg5-1 MIGRATED to testing (Britney)
[2015-07-09] Accepted gpac 0.5.2-426-gc5ad4e4+dfsg5-1 (source amd64) into unstable, unstable (Alessio Treglia)
[2015-07-04] gpac 0.5.2-426-gc5ad4e4~dfsg4-1 MIGRATED to testing (Britney)
[2015-06-28] Accepted gpac 0.5.2-426-gc5ad4e4~dfsg4-1 (source) into unstable (Balint Reczey)
[2014-08-06] gpac 0.5.0+svn5324~dfsg1-1 MIGRATED to testing (Britney)
[2014-07-31] Accepted gpac 0.5.0+svn5324~dfsg1-1 (source amd64) into unstable (Alessio Treglia)
[2014-07-19] gpac 0.5.0+svn5294~dfsg1-1 MIGRATED to testing (Britney)
[2014-07-08] Accepted gpac 0.5.0+svn5294~dfsg1-1 (source amd64) (Alessio Treglia)
[2014-07-07] Accepted gpac 0.5.0+svn5194~dfsg1-4 (source amd64) (Alessio Treglia)
[2014-06-04] gpac 0.5.0+svn5194~dfsg1-3 MIGRATED to testing (Debian testing watch)
[2014-05-30] Accepted gpac 0.5.0+svn5194~dfsg1-3 (source amd64) (Reinhard Tartler)
[2014-05-22] gpac 0.5.0+svn5194~dfsg1-2 MIGRATED to testing (Debian testing watch)
[2014-05-11] Accepted gpac 0.5.0+svn5194~dfsg1-2 (source amd64) (Reinhard Tartler)

bugs [bug history graph]

all: 3
RC: 0
I&N: 1
M&W: 2
F&P: 0
patch: 0

links

homepage
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.5.2-426-gc5ad4e4+dfsg5-4ubuntu1
6 bugs
patches for 0.5.2-426-gc5ad4e4+dfsg5-4ubuntu1