Bug#926963: marked as done (gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 13 Apr 2019 21:03:41 +0000
with message-id <E1hFPoL-000FB3-VI@fasolo.debian.org>
and subject line Bug#926963: fixed in gpac 0.5.2-426-gc5ad4e4+dfsg5-5
has caused the Debian Bug report #926963,
regarding gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926963
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Fri, 12 Apr 2019 22:25:36 +0200
• Message-id: <[🔎] 155510073632.28859.16082765983994910566.reportbug@eldamar.local>

Source: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-4.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/1203
Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-3

Hi,

The following vulnerability was published for gpac.

CVE-2019-11221[0]:
| GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in
| media_import.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11221
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11221
[1] https://github.com/gpac/gpac/issues/1203
[2] https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 926963-close@bugs.debian.org
• Subject: Bug#926963: fixed in gpac 0.5.2-426-gc5ad4e4+dfsg5-5
• From: Reinhard Tartler <siretart@tauware.de>
• Date: Sat, 13 Apr 2019 21:03:41 +0000
• Message-id: <E1hFPoL-000FB3-VI@fasolo.debian.org>

Source: gpac
Source-Version: 0.5.2-426-gc5ad4e4+dfsg5-5

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926963@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Apr 2019 16:41:15 -0400
Source: gpac
Architecture: source
Version: 0.5.2-426-gc5ad4e4+dfsg5-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 926961 926963
Changes:
 gpac (0.5.2-426-gc5ad4e4+dfsg5-5) unstable; urgency=medium
 .
   [ Moritz Muehlenhoff ]
   * Bug fix: "CVE-2019-11222: Buffer-overflow in gf_bin128_parse", thanks
     to Salvatore Bonaccorso (Closes: #926961).
   * Bug fix: "CVE-2019-11221: buffer-overflow issue in gf_import_message()
     in media_import.c", thanks to Salvatore Bonaccorso (Closes: #926963).
Checksums-Sha1:
 87ee388ad9fc8d3602c02b8b52a67ae45786ef69 2707 gpac_0.5.2-426-gc5ad4e4+dfsg5-5.dsc
 1704c931348d58dba7778007e88569690a7f3afc 43692 gpac_0.5.2-426-gc5ad4e4+dfsg5-5.debian.tar.xz
Checksums-Sha256:
 8d2584c04673ff9ca9b235d42bb3ce37caaaf71205d4bc1a5ca549bdaae6ed7a 2707 gpac_0.5.2-426-gc5ad4e4+dfsg5-5.dsc
 a827ba9c1fdc64ef9a04515e306cba8f614eafa2730b83eea3cf6a57cfbfcbd4 43692 gpac_0.5.2-426-gc5ad4e4+dfsg5-5.debian.tar.xz
Files:
 e8fb23750dea9aed3c8617a85a2d3151 2707 graphics optional gpac_0.5.2-426-gc5ad4e4+dfsg5-5.dsc
 5aa9f8ecce5a70745c10638480b2c42c 43692 graphics optional gpac_0.5.2-426-gc5ad4e4+dfsg5-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAlyySd4UHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsuLWg//aWCbEl3s1559yhebhhtJj/Hx92fj
KTMiAstjBtig0vX1sGunzI/qK24aHq+90Ld2kWxk9N7IBL2wcl1GkjuyvtSZQOSh
oaD8v9jjtiGBdETNctG5JKsZXQ60RLJUWmDeiV278jfqFjcWD3YV7pQ9jojFaKJG
SBFE4/f22QVnmJDYQAGBzbIqR3PU6+auYDJianPSvL3qEyFI2AXDN3N/wwIWYkk6
c30Ouqm1Wm3YPQFDp/p7I0DQjM0qukIg9AXLvAHWwjxv9IAVj0fWcz/vDlL+Z4IQ
unXWHWFiOXJe8+kVgXuGPvFR+lDqNwlxjiGM4agPyMdpduRfECzAliWKNq6kIZdr
aIIEOid0mdI33IAG045nqfNPBnoP8RJxZ6Td8y/6zXEPzK/GjsGZ/rh01w1XUo8N
ukz9nK55eIAZXt2HcyPP4bVPOYTwUjudCa8VJIUvlpTeJY6Fq+l4/rQy4fvb2Thg
Es+tA6dHy3fNbHM22Mv+GfFlIFZcnACHf79h4nrJF4R3FXGzcbkUynuhi/F/sQaf
2Kt/mgjwENEiTwtcp4LAedaTgA/EslM1MWsFJ+ukKDfYBOLURpIIs2qV5wdzxbXg
0KfMp5OvzjrHnKH/hEK+4V5mlYse098ekctT/Kk1Qv0RndOwSP5UiUmbl73cex85
N+NrCdXrzm7XID8=
=CYuu
-----END PGP SIGNATURE-----

--- End Message ---