[SECURITY] [DLA 1432-1] gpac security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : gpac
Version : 0.5.0+svn5324~dfsg1-1+deb8u1
CVE ID : CVE-2018-13005 CVE-2018-13006
Debian Bug : 902782
Two heap buffer over read conditions were found in gpac.
CVE-2018-13005
Due to an error in a while loop condition, the function urn_Read in
isomedia/box_code_base.c has a heap-based buffer over-read.
CVE-2018-13006
Due to an error in a strlen call, there is a heap-based buffer over-read
in the isomedia/box_dump.c function hdlr_dump.
For Debian 8 "Jessie", these problems have been fixed in version
0.5.0+svn5324~dfsg1-1+deb8u1.
We recommend that you upgrade your gpac packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAltQPIgACgkQKpJZkldk
SvrU8g//ft00mefduu3lksat5N2QYzbOf9DhXBD4qpEq7kHUe1DHrm2M7ZcrL7Nt
jj/UYCgqIb4GOo6lqFj+JDghHwRtOVaB5VVmfy5JNDlQqf3mMkNUE1GqhddFVH7c
L4NNZWgKRO/VN5wFqbRpKP0PwVh1DuY7zi1iGgq3/2x+LSbXkEvz4UWYNXhG9CGy
RH9GP5G/51luvA8/H8ZSLeuOhxHa6LTRJHSY/2GDRBakCSaL8nZPgBvla1qMmoaO
l64BQS523kLPP+TnSz6IATETG9GlNc+wcFVq+n3tX5ug8JdTjJ0ew9kOCdwuEXX8
lO0V4m1GXDif5C4NSLTQAFOa70B8OBL7c9/7hdvmHpqodKNqhlki17Tce8x4NFS5
4LUVCkC08qL2GjFlGOFvCBtNbp196B06gBhvwUHdC/Z0SPsUJx71dvVpjXuiBi+X
5/V1cTezSMVa3QxUdUMggwwq1uIz524ASFbbfUHHqjHdcBEPvv8PzANF6U76pKQU
7U1/Wwf4IOkdE3J7KhthzHxWSDCupqrDE2O6qs6kXfm1ohgTvSHla83d+pAKo5J1
rAUEcvXLwdlq6vA0O7ZUMN5auQ1nOYL+W9N3owzXeXGwcO1p7bE6B+egBoKkvF9T
Ru9nbAjf8GGCgkYh0ohH5lL2SLBIAD3iPAwD6IIh35lQs5570LQ=
=EfGy
-----END PGP SIGNATURE-----
Reply to: