
Bug#926963: marked as done (gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c)



Your message dated Sat, 13 Apr 2019 21:18:43 +0000
with message-id <E1hFQ2t-000H2e-TD@fasolo.debian.org>
and subject line Bug#926963: fixed in gpac 0.7.1+dfsg1-3
has caused the Debian Bug report #926963,
regarding gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926963
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-4.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/1203
Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-3

Hi,

The following vulnerability was published for gpac.

CVE-2019-11221[0]:
| GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in
| media_import.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11221
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11221
[1] https://github.com/gpac/gpac/issues/1203
[2] https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gpac
Source-Version: 0.7.1+dfsg1-3

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926963@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Apr 2019 16:52:04 -0400
Source: gpac
Architecture: source
Version: 0.7.1+dfsg1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 926961 926963
Changes:
 gpac (0.7.1+dfsg1-3) experimental; urgency=medium
 .
   * Merge security patches from unstable
     Closes: #926961, Closes: #926963
Checksums-Sha1:
 9666e1ad1d5edc9b7a09be98e4c554dcc600e445 2691 gpac_0.7.1+dfsg1-3.dsc
 a20e01d9353bf4dfda445647456084f7d0b66f5d 45448 gpac_0.7.1+dfsg1-3.debian.tar.xz
Checksums-Sha256:
 26276b5e08112751122aaad4ae22e826d3552abeb75541450b105e47ef665068 2691 gpac_0.7.1+dfsg1-3.dsc
 8b7036374d56a9c9f0dfb3e3a757dac301ecc45ef39d331161bff596bedb9d85 45448 gpac_0.7.1+dfsg1-3.debian.tar.xz
Files:
 a15eb462cc2ce70ca570e33e2aeb528e 2691 graphics optional gpac_0.7.1+dfsg1-3.dsc
 bda1c51a0d0ce0f13287dbbd9e1c6e7e 45448 graphics optional gpac_0.7.1+dfsg1-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
