[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033116: marked as done (gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-46489 CVE-2022-46490 CVE-2022-47086 CVE-2022-47087 CVE-2022-47088 CVE-2022-47089 CVE-2022-47091 CVE-2022-47092 CVE-2022-47093 CVE-2022-47094 CVE-2022-47095 CVE-2022-47653 CVE-2022-47654 CVE-2022-47656 CVE-2022-47657 CVE-2022-47658 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0358 CVE-2023-0760 CVE-2023-0770 CVE-2023-0817 CVE-2023-0818 CVE-2023-0819)

Your message dated Wed, 13 Sep 2023 07:49:09 +0000
with message-id <E1qgKcX-00HAYp-UH@fasolo.debian.org>
and subject line Bug#1033116: fixed in gpac 2.2.1+dfsg1-2
has caused the Debian Bug report #1033116,
regarding gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-46489 CVE-2022-46490 CVE-2022-47086 CVE-2022-47087 CVE-2022-47088 CVE-2022-47089 CVE-2022-47091 CVE-2022-47092 CVE-2022-47093 CVE-2022-47094 CVE-2022-47095 CVE-2022-47653 CVE-2022-47654 CVE-2022-47656 CVE-2022-47657 CVE-2022-47658 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0358 CVE-2023-0760 CVE-2023-0770 CVE-2023-0817 CVE-2023-0818 CVE-2023-0819
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033116
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.

https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf

CVE-2023-0866[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937

CVE-2022-4202[3]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a
| patch to fix this issue. VDB-214518 is the identifier assigned to this
| vulnerability.

https://github.com/gpac/gpac/issues/2333
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908

CVE-2022-43039[4]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_meta_restore_items_ref
| at /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2281
https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303

CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.

https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6

CVE-2023-23144[6]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file
| bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86

CVE-2023-23145[7]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.

https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f

CVE-2022-43040[8]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.

https://github.com/gpac/gpac/issues/2280
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e

CVE-2022-43042[9]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.

https://github.com/gpac/gpac/issues/2278
https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9

CVE-2022-43043[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.

https://github.com/gpac/gpac/issues/2276
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd

CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info at
| /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2282
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35

CVE-2022-43045[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.

https://github.com/gpac/gpac/issues/2277
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb

CVE-2022-45202[13]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.

https://github.com/gpac/gpac/issues/2296
https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da

CVE-2022-45283[14]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

https://github.com/gpac/gpac/issues/2295
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df

CVE-2022-45343[15]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.

https://github.com/gpac/gpac/issues/2315
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4

CVE-2022-46489[16]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the gf_isom_box_parse_ex function at
| box_funcs.c.

https://github.com/gpac/gpac/issues/2328
https://github.com/gpac/gpac/commit/44e8616ec6d0c37498cdacb81375b09249fa9daa (v2.2.0)

CVE-2022-46490[17]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the afrt_box_read function at
| box_code_adobe.c.

https://github.com/gpac/gpac/issues/2327
https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0)

CVE-2022-47086[18]:
| GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation
| violation via the function gf_sm_load_init_swf at
| scene_manager/swf_parse.c

https://github.com/gpac/gpac/issues/2337
https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)

CVE-2022-47087[19]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in
| gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2339
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)

CVE-2022-47088[20]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
| Overflow.

https://github.com/gpac/gpac/issues/2340
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)

CVE-2022-47089[21]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow
| via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2338
https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)

CVE-2022-47091[22]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow
| in gf_text_process_sub function of filters/load_text.c

https://github.com/gpac/gpac/issues/2343
https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)

CVE-2022-47092[23]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow
| vulnerability in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8316

https://github.com/gpac/gpac/issues/2347
https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)

CVE-2022-47093[24]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-
| free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

https://github.com/gpac/gpac/issues/2344
https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)

CVE-2022-47094[25]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer
| dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

https://github.com/gpac/gpac/issues/2345
https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)

CVE-2022-47095[26]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow
| in hevc_parse_vps_extension function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2346
https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)

CVE-2022-47653[27]:
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow
| in eac3_update_channels function of media_tools/av_parsers.c:9113

https://github.com/gpac/gpac/issues/2349
https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0)

CVE-2022-47654[28]:
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow
| in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8261

https://github.com/gpac/gpac/issues/2350
https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)

CVE-2022-47656[29]:
| GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow
| in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8273

https://github.com/gpac/gpac/issues/2353
https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)

CVE-2022-47657[30]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow
| in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662

https://github.com/gpac/gpac/issues/2355
https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)

CVE-2022-47658[31]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow
| in function gf_hevc_read_vps_bs_internal of
| media_tools/av_parsers.c:8039

https://github.com/gpac/gpac/issues/2356
https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)

CVE-2022-47659[32]:
| GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow
| in gf_bs_read_data

https://github.com/gpac/gpac/issues/2354
https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)

CVE-2022-47660[33]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in
| isomedia/isom_write.c

https://github.com/gpac/gpac/issues/2357
https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)

CVE-2022-47661[34]:
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow
| via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

https://github.com/gpac/gpac/issues/2358
https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)

CVE-2022-47662[35]:
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack
| overflow) due to infinite recursion in Media_GetSample
| isomedia/media.c:662

https://github.com/gpac/gpac/issues/2359
https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)

CVE-2022-47663[36]:
| GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow
| in h263dmx_process filters/reframe_h263.c:609

https://github.com/gpac/gpac/issues/2360
https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)

CVE-2023-0358[37]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b

CVE-2023-0760[38]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| V2.1.0-DEV.

https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe

CVE-2023-0770[39]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.

https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26

CVE-2023-0817[40]:
| Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7

CVE-2023-0818[41]:
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.

https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff

CVE-2023-0819[42]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| v2.3.0-DEV.

https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3222
    https://www.cve.org/CVERecord?id=CVE-2022-3222
[1] https://security-tracker.debian.org/tracker/CVE-2023-0841
    https://www.cve.org/CVERecord?id=CVE-2023-0841
[2] https://security-tracker.debian.org/tracker/CVE-2023-0866
    https://www.cve.org/CVERecord?id=CVE-2023-0866
[3] https://security-tracker.debian.org/tracker/CVE-2022-4202
    https://www.cve.org/CVERecord?id=CVE-2022-4202
[4] https://security-tracker.debian.org/tracker/CVE-2022-43039
    https://www.cve.org/CVERecord?id=CVE-2022-43039
[5] https://security-tracker.debian.org/tracker/CVE-2023-23143
    https://www.cve.org/CVERecord?id=CVE-2023-23143
[6] https://security-tracker.debian.org/tracker/CVE-2023-23144
    https://www.cve.org/CVERecord?id=CVE-2023-23144
[7] https://security-tracker.debian.org/tracker/CVE-2023-23145
    https://www.cve.org/CVERecord?id=CVE-2023-23145
[8] https://security-tracker.debian.org/tracker/CVE-2022-43040
    https://www.cve.org/CVERecord?id=CVE-2022-43040
[9] https://security-tracker.debian.org/tracker/CVE-2022-43042
    https://www.cve.org/CVERecord?id=CVE-2022-43042
[10] https://security-tracker.debian.org/tracker/CVE-2022-43043
    https://www.cve.org/CVERecord?id=CVE-2022-43043
[11] https://security-tracker.debian.org/tracker/CVE-2022-43044
    https://www.cve.org/CVERecord?id=CVE-2022-43044
[12] https://security-tracker.debian.org/tracker/CVE-2022-43045
    https://www.cve.org/CVERecord?id=CVE-2022-43045
[13] https://security-tracker.debian.org/tracker/CVE-2022-45202
    https://www.cve.org/CVERecord?id=CVE-2022-45202
[14] https://security-tracker.debian.org/tracker/CVE-2022-45283
    https://www.cve.org/CVERecord?id=CVE-2022-45283
[15] https://security-tracker.debian.org/tracker/CVE-2022-45343
    https://www.cve.org/CVERecord?id=CVE-2022-45343
[16] https://security-tracker.debian.org/tracker/CVE-2022-46489
    https://www.cve.org/CVERecord?id=CVE-2022-46489
[17] https://security-tracker.debian.org/tracker/CVE-2022-46490
    https://www.cve.org/CVERecord?id=CVE-2022-46490
[18] https://security-tracker.debian.org/tracker/CVE-2022-47086
    https://www.cve.org/CVERecord?id=CVE-2022-47086
[19] https://security-tracker.debian.org/tracker/CVE-2022-47087
    https://www.cve.org/CVERecord?id=CVE-2022-47087
[20] https://security-tracker.debian.org/tracker/CVE-2022-47088
    https://www.cve.org/CVERecord?id=CVE-2022-47088
[21] https://security-tracker.debian.org/tracker/CVE-2022-47089
    https://www.cve.org/CVERecord?id=CVE-2022-47089
[22] https://security-tracker.debian.org/tracker/CVE-2022-47091
    https://www.cve.org/CVERecord?id=CVE-2022-47091
[23] https://security-tracker.debian.org/tracker/CVE-2022-47092
    https://www.cve.org/CVERecord?id=CVE-2022-47092
[24] https://security-tracker.debian.org/tracker/CVE-2022-47093
    https://www.cve.org/CVERecord?id=CVE-2022-47093
[25] https://security-tracker.debian.org/tracker/CVE-2022-47094
    https://www.cve.org/CVERecord?id=CVE-2022-47094
[26] https://security-tracker.debian.org/tracker/CVE-2022-47095
    https://www.cve.org/CVERecord?id=CVE-2022-47095
[27] https://security-tracker.debian.org/tracker/CVE-2022-47653
    https://www.cve.org/CVERecord?id=CVE-2022-47653
[28] https://security-tracker.debian.org/tracker/CVE-2022-47654
    https://www.cve.org/CVERecord?id=CVE-2022-47654
[29] https://security-tracker.debian.org/tracker/CVE-2022-47656
    https://www.cve.org/CVERecord?id=CVE-2022-47656
[30] https://security-tracker.debian.org/tracker/CVE-2022-47657
    https://www.cve.org/CVERecord?id=CVE-2022-47657
[31] https://security-tracker.debian.org/tracker/CVE-2022-47658
    https://www.cve.org/CVERecord?id=CVE-2022-47658
[32] https://security-tracker.debian.org/tracker/CVE-2022-47659
    https://www.cve.org/CVERecord?id=CVE-2022-47659
[33] https://security-tracker.debian.org/tracker/CVE-2022-47660
    https://www.cve.org/CVERecord?id=CVE-2022-47660
[34] https://security-tracker.debian.org/tracker/CVE-2022-47661
    https://www.cve.org/CVERecord?id=CVE-2022-47661
[35] https://security-tracker.debian.org/tracker/CVE-2022-47662
    https://www.cve.org/CVERecord?id=CVE-2022-47662
[36] https://security-tracker.debian.org/tracker/CVE-2022-47663
    https://www.cve.org/CVERecord?id=CVE-2022-47663
[37] https://security-tracker.debian.org/tracker/CVE-2023-0358
    https://www.cve.org/CVERecord?id=CVE-2023-0358
[38] https://security-tracker.debian.org/tracker/CVE-2023-0760
    https://www.cve.org/CVERecord?id=CVE-2023-0760
[39] https://security-tracker.debian.org/tracker/CVE-2023-0770
    https://www.cve.org/CVERecord?id=CVE-2023-0770
[40] https://security-tracker.debian.org/tracker/CVE-2023-0817
    https://www.cve.org/CVERecord?id=CVE-2023-0817
[41] https://security-tracker.debian.org/tracker/CVE-2023-0818
    https://www.cve.org/CVERecord?id=CVE-2023-0818
[42] https://security-tracker.debian.org/tracker/CVE-2023-0819
    https://www.cve.org/CVERecord?id=CVE-2023-0819

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
Source: gpac
Source-Version: 2.2.1+dfsg1-2
Done: Shengjing Zhu <zhsj@debian.org>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033116@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Shengjing Zhu <zhsj@debian.org> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Sep 2023 14:56:05 +0800
Source: gpac
Architecture: source
Version: 2.2.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Shengjing Zhu <zhsj@debian.org>
Closes: 1033116 1034187 1034732 1034890 1036701 1041380
Changes:
 gpac (2.2.1+dfsg1-2) unstable; urgency=medium
 .
   * QA upload.
   * Set maintainer to Debian QA Group <packages@qa.debian.org> (See #1038784)
   * Upload to unstable.
   * Backport patch to build with ffmpeg 6.0 (Closes: #1041380)
 .
 gpac (2.2.1+dfsg1-1) experimental; urgency=medium
 .
   * New upstream version,
     closes: #1033116, #1034732, #1034187, #1036701, #1034890
   * soname bump libgpac11 -> libgpac12
Checksums-Sha1:
 515d078cd5d15d313aee64dbd9f4e67cf8f3cef7 1792 gpac_2.2.1+dfsg1-2.dsc
 9d039fa233084402316bd9cb408c07e638b9e1d0 37648 gpac_2.2.1+dfsg1-2.debian.tar.xz
 701e4931c4284d79759357714aec8292f05c1236 5325 gpac_2.2.1+dfsg1-2_source.buildinfo
Checksums-Sha256:
 fec96c4cc0e5b24291bd9c057959f945bd70f3eff64e19059cebee6f4c71b5cc 1792 gpac_2.2.1+dfsg1-2.dsc
 af3728f8e7f919a92f63013a2b8c77143202f68d2320fb1c3bede45696cb133b 37648 gpac_2.2.1+dfsg1-2.debian.tar.xz
 e1f7d5b34b614d5575a1935c714b3deef8e6a3f752888a5e1e793d13c0e842fd 5325 gpac_2.2.1+dfsg1-2_source.buildinfo
Files:
 97d4a6d4b6b9495e9d629076fdc3f00a 1792 graphics optional gpac_2.2.1+dfsg1-2.dsc
 59c4c28301588d18b2772b4d7d2c01d1 37648 graphics optional gpac_2.2.1+dfsg1-2.debian.tar.xz
 13e61d51c866f3a27f2b029ed6e9b2b4 5325 graphics optional gpac_2.2.1+dfsg1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCZQFiHAAKCRB/RPol6lUU
y1LPAP46U6+EIJ9QVlkB7/alzOVjS8rwJtv3AXCP8hiN1MQmzwD/eA+xNfWYmjYC
ttFLF72wb/NNs+Jvc+UX71Z/j73NJwQ=
=4Rgn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: