Bug#972053: marked as done (CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629 CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558 CVE-2020-6630 CVE-2020-6631)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 21 Nov 2020 22:34:07 +0000
with message-id <E1kgbSJ-00076U-Q0@fasolo.debian.org>
and subject line Bug#972053: fixed in gpac 1.0.1+dfsg1-2
has caused the Debian Bug report #972053,
regarding CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629 CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558 CVE-2020-6630 CVE-2020-6631
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
972053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972053
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629 CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558 CVE-2020-6630 CVE-2020-6631
• From: Moritz Muehlenhoff <jmm@debian.org>
• Date: Sun, 11 Oct 2020 23:23:38 +0200
• Message-id: <160245141816.16135.15681320446965172685.reportbug@hullmann.westfalen.local>

Package: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-5
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

CVE-2019-20161:
https://github.com/gpac/gpac/issues/1320
https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956

CVE-2019-20162:
https://github.com/gpac/gpac/issues/1327
https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77

CVE-2019-20163:
https://github.com/gpac/gpac/issues/1335
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)

CVE-2019-20165:
https://github.com/gpac/gpac/issues/1338
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)

CVE-2019-20170:
https://github.com/gpac/gpac/issues/1328
https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03

CVE-2019-20171:
https://github.com/gpac/gpac/issues/1337
https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c

CVE-2019-20208:
https://github.com/gpac/gpac/issues/1348
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)

CVE-2019-20628:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
https://github.com/gpac/gpac/issues/1269

CVE-2019-20629:
https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
https://github.com/gpac/gpac/issues/1264

CVE-2019-20630:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1268

CVE-2019-20631:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1270

CVE-2019-20632:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1271

CVE-2020-11558:
https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
https://github.com/gpac/gpac/issues/1440

CVE-2020-6630:
https://github.com/gpac/gpac/issues/1377
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521

CVE-2020-6631:
https://github.com/gpac/gpac/issues/1378
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
  
While individual commits refs are listed above, this should really be fixed
via a new upstream release for bullseye, after all the current base version
is from 2015

--- End Message ---

--- Begin Message ---

• To: 972053-close@bugs.debian.org
• Subject: Bug#972053: fixed in gpac 1.0.1+dfsg1-2
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sat, 21 Nov 2020 22:34:07 +0000
• Message-id: <E1kgbSJ-00076U-Q0@fasolo.debian.org>
• Reply-to: Reinhard Tartler <siretart@tauware.de>

Source: gpac
Source-Version: 1.0.1+dfsg1-2
Done: Reinhard Tartler <siretart@tauware.de>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 972053@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Nov 2020 17:13:44 -0500
Source: gpac
Architecture: source
Version: 1.0.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 782093 931088 932242 940882 972053
Changes:
 gpac (1.0.1+dfsg1-2) unstable; urgency=medium
 .
   * Upload to unstable
 .
 gpac (1.0.1+dfsg1-1) experimental; urgency=medium
 .
   * New upstream version
     - soname bump to libgpac10
     - Fixes lots of security issues, closes: #972053
        CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165
        CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629
        CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558
        CVE-2020-6630 CVE-2020-6631
     - Fixes CVE-2018-21015 CVE-2018-21016, closes: #940882
     - Fixes CVE-2019-13618, closes: #932242
     - Fixes CVE-2019-12481 CVE-2019-12482 CVE-2019-12483, closes: #931088
     - Fix in manpage, closes: #782093
   * Rewritten debian/copyright with help of 'cme update dpkg-copyright'
Checksums-Sha1:
 c5da7d266afdd05271119b416badf34abb2e5bea 2701 gpac_1.0.1+dfsg1-2.dsc
 2f67a74f0450d84820254d0554ad597dac4c8920 35888 gpac_1.0.1+dfsg1-2.debian.tar.xz
Checksums-Sha256:
 6e303a19bfb9209341426b8b5b163e4836b821dc3d1f99a96bcfc601e0c65178 2701 gpac_1.0.1+dfsg1-2.dsc
 6c52b8551b27b3cec3685699b2076d903340d41606c601210bde7678e4e958f6 35888 gpac_1.0.1+dfsg1-2.debian.tar.xz
Files:
 d39a8904daa918ce3f831e88deffd307 2701 graphics optional gpac_1.0.1+dfsg1-2.dsc
 5a8b6049222a28932c52b19780953d2e 35888 graphics optional gpac_1.0.1+dfsg1-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAl+5kWsUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsvhGg/+M0Qz4G/XglfYAcqV36/OW2SmNhMa
2IJ8hvhwUTz7TeI4cbyGIyKjzykKilafXGL2ttP4n4wpRgQcL/uYLxmgqusavbdl
zzKiToe5uXK3/lVB2FHtXvLTPBgyT8cLVKBcKbQj863SDm+pZ3Ab26ibZ0bI3qBJ
F74WF/9wvW1/W7ZyLMFPfaoxhDgiFgyzj4t9hX/FX1uzo7y8bitm5qrZEnTSeh0+
BX0OKgt3n3nWah0fXvilSEifUsVmBaTRH+oEG6vAWII7z+fB7B8t2UEWjEfjTi6O
wB4eYpEKiywO5fCH0sqKqBe7yKPGvcpvXNuXx0FWzX9BdyN8hPcrlyhhxKQ9gCoJ
ahbmslr5GYL9/7wVhDUxW62CM9ga+7/N78geKgH819ZJs83g8CqLaOjx+HLQ3vfN
CiWwESqAMubSJuXdPE1eJoRNhoCj7EGlAFmGWbC6c14ado1KmCL9A367JfbMXanf
NVQIMkMJxg4+DNoRlHYnCQVX9rdQVF6HLRt+zD1bkSFaP4mCIkb0ZqtxT2OoX1Fc
C/02nOgnl1RvBkYAgiU5O4nUfgM2tWWq5XCz22Qnakvh3vRrtqvlC9ut1UMN9z+V
qmvwcvUFFT2VKCuM8XmBCwCfpk0/RI20Rwh5VLBVuvDjHiWil4bSgBx+6W5ihB3a
GfyAHuIHpfUOgq0=
=1yAo
-----END PGP SIGNATURE-----

--- End Message ---