
[SECURITY] [DLA 1432-1] gpac security update




Package        : gpac
Version        : 0.5.0+svn5324~dfsg1-1+deb8u1
CVE ID         : CVE-2018-13005 CVE-2018-13006
Debian Bug     : 902782

Two heap-based buffer over-read conditions were found in gpac.

CVE-2018-13005

    Due to an error in a while loop condition, the function urn_Read in
    isomedia/box_code_base.c has a heap-based buffer over-read.

CVE-2018-13006

    Due to an error in a strlen call, there is a heap-based buffer over-read
    in the isomedia/box_dump.c function hdlr_dump.

For Debian 8 "Jessie", these problems have been fixed in version
0.5.0+svn5324~dfsg1-1+deb8u1.

We recommend that you upgrade your gpac packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS