Bug#994756: Update impact

To: 994756@bugs.debian.org, <control@bugs.debian.org>
Subject: Bug#994756: Update impact
From: Neil Williams <codehelp@debian.org>
Date: Tue, 21 Sep 2021 09:17:09 +0100
Message-id: <[🔎] 20210921091709.43254426@felix.codehelp>
Reply-to: Neil Williams <codehelp@debian.org>, 994756@bugs.debian.org
References: <[🔎] 163214834215.2609456.2175421686659006180.reportbug@mail.sceal.ie>

severity 994756 important
thanks

The CVEs mentioned have been assessed as minor issues, likely to only
cause the ccextractor command line utility to crash.

The embedded gpac code in ccextractor is mostly limited to just the
gpac source code files that ccextractor needs to process video files,
so most, if not all, of the code paths in the upstream gpacmp4 directory
should be reachable with appropriate test videos.

bullseye and buster updates can be made via proposed-updates.

Downgrading the bug against bullseye and buster versions to not block
migration of the 0.93+ds2-1 fixes into bookworm, reflecting the assessed
security impact.

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/

Attachment: pgpRMGI66WoI0.pgp
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Processed: Update impact
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

References:
- Bug#994756: ITP: findlibs -- Trivial python package to find C libraries
  - From: Alastair McKinstry <mckinstry@debian.org>

Prev by Date: Bug#994805: ITP: r-cran-lamw -- GNU R Lambert-W function
Next by Date: Processed: Update impact
Previous by thread: Bug#994756: ITP: findlibs -- Trivial python package to find C libraries
Next by thread: Processed: Update impact
Index(es):
- Date
- Thread