Your message dated Wed, 1 Sep 2021 21:54:34 +0200 with message-id <YS/aehGP6W9903YY@ramacher.at> and subject line Re: Bug#987020: gpac: CVE-2021-28300 has caused the Debian Bug report #987020, regarding gpac: CVE-2021-28300 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 987020: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987020 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: gpac: CVE-2021-28300
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 15 Apr 2021 20:40:20 +0200
- Message-id: <161851202064.2003881.10130026556900127034.reportbug@eldamar.lan>
Source: gpac Version: 1.0.1+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/1702 X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-5 Hi, The following vulnerability was published for gpac. CVE-2021-28300[0]: | NULL Pointer Dereference in the "isomedia/track.c" module's | "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute | arbitrary code or cause a Denial-of-Service (DoS) by uploading a | malicious MP4 file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-28300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28300 [1] https://github.com/gpac/gpac/issues/1702 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: Salvatore Bonaccorso <carnil@debian.org>, 987020-done@bugs.debian.org
- Subject: Re: Bug#987020: gpac: CVE-2021-28300
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Wed, 1 Sep 2021 21:54:34 +0200
- Message-id: <YS/aehGP6W9903YY@ramacher.at>
- In-reply-to: <161851202064.2003881.10130026556900127034.reportbug@eldamar.lan>
- References: <161851202064.2003881.10130026556900127034.reportbug@eldamar.lan>
Version: 1.0.0+dfsg1-4 On 2021-04-15 20:40:20 +0200, Salvatore Bonaccorso wrote: > Source: gpac > Version: 1.0.1+dfsg1-3 > Severity: important > Tags: security upstream > Forwarded: https://github.com/gpac/gpac/issues/1702 > X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> > Control: found -1 0.5.2-426-gc5ad4e4+dfsg5-5 > > Hi, > > The following vulnerability was published for gpac. > > CVE-2021-28300[0]: > | NULL Pointer Dereference in the "isomedia/track.c" module's > | "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute > | arbitrary code or cause a Denial-of-Service (DoS) by uploading a > | malicious MP4 file. This was fixed in 1.0.0+dfsg1-4 Cheers > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2021-28300 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28300 > [1] https://github.com/gpac/gpac/issues/1702 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > -- Sebastian RamacherAttachment: signature.asc
Description: PGP signature
--- End Message ---