[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033116: marked as done (gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-46489 CVE-2022-46490 CVE-2022-47086 CVE-2022-47087 CVE-2022-47088 CVE-2022-47089 CVE-2022-47091 CVE-2022-47092 CVE-2022-47093 CVE-2022-47094 CVE-2022-47095 CVE-2022-47653 CVE-2022-47654 CVE-2022-47656 CVE-2022-47657 CVE-2022-47658 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0358 CVE-2023-0760 CVE-2023-0770 CVE-2023-0817 CVE-2023-0818 CVE-2023-0819)

Your message dated Tue, 20 Jun 2023 18:06:26 +0000
with message-id <E1qBfkI-005kTS-H2@fasolo.debian.org>
and subject line Bug#1033116: fixed in gpac 2.2.1+dfsg1-1
has caused the Debian Bug report #1033116,
regarding gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-46489 CVE-2022-46490 CVE-2022-47086 CVE-2022-47087 CVE-2022-47088 CVE-2022-47089 CVE-2022-47091 CVE-2022-47092 CVE-2022-47093 CVE-2022-47094 CVE-2022-47095 CVE-2022-47653 CVE-2022-47654 CVE-2022-47656 CVE-2022-47657 CVE-2022-47658 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0358 CVE-2023-0760 CVE-2023-0770 CVE-2023-0817 CVE-2023-0818 CVE-2023-0819
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033116
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.

https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf

CVE-2023-0866[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937

CVE-2022-4202[3]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a
| patch to fix this issue. VDB-214518 is the identifier assigned to this
| vulnerability.

https://github.com/gpac/gpac/issues/2333
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908

CVE-2022-43039[4]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_meta_restore_items_ref
| at /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2281
https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303

CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.

https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6

CVE-2023-23144[6]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file
| bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86

CVE-2023-23145[7]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.

https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f

CVE-2022-43040[8]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.

https://github.com/gpac/gpac/issues/2280
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e

CVE-2022-43042[9]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.

https://github.com/gpac/gpac/issues/2278
https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9

CVE-2022-43043[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.

https://github.com/gpac/gpac/issues/2276
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd

CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info at
| /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2282
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35

CVE-2022-43045[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.

https://github.com/gpac/gpac/issues/2277
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb

CVE-2022-45202[13]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.

https://github.com/gpac/gpac/issues/2296
https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da

CVE-2022-45283[14]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

https://github.com/gpac/gpac/issues/2295
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df

CVE-2022-45343[15]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.

https://github.com/gpac/gpac/issues/2315
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4

CVE-2022-46489[16]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the gf_isom_box_parse_ex function at
| box_funcs.c.

https://github.com/gpac/gpac/issues/2328
https://github.com/gpac/gpac/commit/44e8616ec6d0c37498cdacb81375b09249fa9daa (v2.2.0)

CVE-2022-46490[17]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the afrt_box_read function at
| box_code_adobe.c.

https://github.com/gpac/gpac/issues/2327
https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0)

CVE-2022-47086[18]:
| GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation
| violation via the function gf_sm_load_init_swf at
| scene_manager/swf_parse.c

https://github.com/gpac/gpac/issues/2337
https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)

CVE-2022-47087[19]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in
| gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2339
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)

CVE-2022-47088[20]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer
| Overflow.

https://github.com/gpac/gpac/issues/2340
https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)

CVE-2022-47089[21]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow
| via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2338
https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)

CVE-2022-47091[22]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow
| in gf_text_process_sub function of filters/load_text.c

https://github.com/gpac/gpac/issues/2343
https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)

CVE-2022-47092[23]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow
| vulnerability in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8316

https://github.com/gpac/gpac/issues/2347
https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)

CVE-2022-47093[24]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-
| free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

https://github.com/gpac/gpac/issues/2344
https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)

CVE-2022-47094[25]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer
| dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

https://github.com/gpac/gpac/issues/2345
https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)

CVE-2022-47095[26]:
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow
| in hevc_parse_vps_extension function of media_tools/av_parsers.c

https://github.com/gpac/gpac/issues/2346
https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)

CVE-2022-47653[27]:
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow
| in eac3_update_channels function of media_tools/av_parsers.c:9113

https://github.com/gpac/gpac/issues/2349
https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0)

CVE-2022-47654[28]:
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow
| in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8261

https://github.com/gpac/gpac/issues/2350
https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)

CVE-2022-47656[29]:
| GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow
| in gf_hevc_read_sps_bs_internal function of
| media_tools/av_parsers.c:8273

https://github.com/gpac/gpac/issues/2353
https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)

CVE-2022-47657[30]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow
| in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662

https://github.com/gpac/gpac/issues/2355
https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)

CVE-2022-47658[31]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow
| in function gf_hevc_read_vps_bs_internal of
| media_tools/av_parsers.c:8039

https://github.com/gpac/gpac/issues/2356
https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)

CVE-2022-47659[32]:
| GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow
| in gf_bs_read_data

https://github.com/gpac/gpac/issues/2354
https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)

CVE-2022-47660[33]:
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in
| isomedia/isom_write.c

https://github.com/gpac/gpac/issues/2357
https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)

CVE-2022-47661[34]:
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow
| via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

https://github.com/gpac/gpac/issues/2358
https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)

CVE-2022-47662[35]:
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack
| overflow) due to infinite recursion in Media_GetSample
| isomedia/media.c:662

https://github.com/gpac/gpac/issues/2359
https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)

CVE-2022-47663[36]:
| GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow
| in h263dmx_process filters/reframe_h263.c:609

https://github.com/gpac/gpac/issues/2360
https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)

CVE-2023-0358[37]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b

CVE-2023-0760[38]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| V2.1.0-DEV.

https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe

CVE-2023-0770[39]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.

https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26

CVE-2023-0817[40]:
| Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7

CVE-2023-0818[41]:
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.

https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff

CVE-2023-0819[42]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| v2.3.0-DEV.

https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3222
    https://www.cve.org/CVERecord?id=CVE-2022-3222
[1] https://security-tracker.debian.org/tracker/CVE-2023-0841
    https://www.cve.org/CVERecord?id=CVE-2023-0841
[2] https://security-tracker.debian.org/tracker/CVE-2023-0866
    https://www.cve.org/CVERecord?id=CVE-2023-0866
[3] https://security-tracker.debian.org/tracker/CVE-2022-4202
    https://www.cve.org/CVERecord?id=CVE-2022-4202
[4] https://security-tracker.debian.org/tracker/CVE-2022-43039
    https://www.cve.org/CVERecord?id=CVE-2022-43039
[5] https://security-tracker.debian.org/tracker/CVE-2023-23143
    https://www.cve.org/CVERecord?id=CVE-2023-23143
[6] https://security-tracker.debian.org/tracker/CVE-2023-23144
    https://www.cve.org/CVERecord?id=CVE-2023-23144
[7] https://security-tracker.debian.org/tracker/CVE-2023-23145
    https://www.cve.org/CVERecord?id=CVE-2023-23145
[8] https://security-tracker.debian.org/tracker/CVE-2022-43040
    https://www.cve.org/CVERecord?id=CVE-2022-43040
[9] https://security-tracker.debian.org/tracker/CVE-2022-43042
    https://www.cve.org/CVERecord?id=CVE-2022-43042
[10] https://security-tracker.debian.org/tracker/CVE-2022-43043
    https://www.cve.org/CVERecord?id=CVE-2022-43043
[11] https://security-tracker.debian.org/tracker/CVE-2022-43044
    https://www.cve.org/CVERecord?id=CVE-2022-43044
[12] https://security-tracker.debian.org/tracker/CVE-2022-43045
    https://www.cve.org/CVERecord?id=CVE-2022-43045
[13] https://security-tracker.debian.org/tracker/CVE-2022-45202
    https://www.cve.org/CVERecord?id=CVE-2022-45202
[14] https://security-tracker.debian.org/tracker/CVE-2022-45283
    https://www.cve.org/CVERecord?id=CVE-2022-45283
[15] https://security-tracker.debian.org/tracker/CVE-2022-45343
    https://www.cve.org/CVERecord?id=CVE-2022-45343
[16] https://security-tracker.debian.org/tracker/CVE-2022-46489
    https://www.cve.org/CVERecord?id=CVE-2022-46489
[17] https://security-tracker.debian.org/tracker/CVE-2022-46490
    https://www.cve.org/CVERecord?id=CVE-2022-46490
[18] https://security-tracker.debian.org/tracker/CVE-2022-47086
    https://www.cve.org/CVERecord?id=CVE-2022-47086
[19] https://security-tracker.debian.org/tracker/CVE-2022-47087
    https://www.cve.org/CVERecord?id=CVE-2022-47087
[20] https://security-tracker.debian.org/tracker/CVE-2022-47088
    https://www.cve.org/CVERecord?id=CVE-2022-47088
[21] https://security-tracker.debian.org/tracker/CVE-2022-47089
    https://www.cve.org/CVERecord?id=CVE-2022-47089
[22] https://security-tracker.debian.org/tracker/CVE-2022-47091
    https://www.cve.org/CVERecord?id=CVE-2022-47091
[23] https://security-tracker.debian.org/tracker/CVE-2022-47092
    https://www.cve.org/CVERecord?id=CVE-2022-47092
[24] https://security-tracker.debian.org/tracker/CVE-2022-47093
    https://www.cve.org/CVERecord?id=CVE-2022-47093
[25] https://security-tracker.debian.org/tracker/CVE-2022-47094
    https://www.cve.org/CVERecord?id=CVE-2022-47094
[26] https://security-tracker.debian.org/tracker/CVE-2022-47095
    https://www.cve.org/CVERecord?id=CVE-2022-47095
[27] https://security-tracker.debian.org/tracker/CVE-2022-47653
    https://www.cve.org/CVERecord?id=CVE-2022-47653
[28] https://security-tracker.debian.org/tracker/CVE-2022-47654
    https://www.cve.org/CVERecord?id=CVE-2022-47654
[29] https://security-tracker.debian.org/tracker/CVE-2022-47656
    https://www.cve.org/CVERecord?id=CVE-2022-47656
[30] https://security-tracker.debian.org/tracker/CVE-2022-47657
    https://www.cve.org/CVERecord?id=CVE-2022-47657
[31] https://security-tracker.debian.org/tracker/CVE-2022-47658
    https://www.cve.org/CVERecord?id=CVE-2022-47658
[32] https://security-tracker.debian.org/tracker/CVE-2022-47659
    https://www.cve.org/CVERecord?id=CVE-2022-47659
[33] https://security-tracker.debian.org/tracker/CVE-2022-47660
    https://www.cve.org/CVERecord?id=CVE-2022-47660
[34] https://security-tracker.debian.org/tracker/CVE-2022-47661
    https://www.cve.org/CVERecord?id=CVE-2022-47661
[35] https://security-tracker.debian.org/tracker/CVE-2022-47662
    https://www.cve.org/CVERecord?id=CVE-2022-47662
[36] https://security-tracker.debian.org/tracker/CVE-2022-47663
    https://www.cve.org/CVERecord?id=CVE-2022-47663
[37] https://security-tracker.debian.org/tracker/CVE-2023-0358
    https://www.cve.org/CVERecord?id=CVE-2023-0358
[38] https://security-tracker.debian.org/tracker/CVE-2023-0760
    https://www.cve.org/CVERecord?id=CVE-2023-0760
[39] https://security-tracker.debian.org/tracker/CVE-2023-0770
    https://www.cve.org/CVERecord?id=CVE-2023-0770
[40] https://security-tracker.debian.org/tracker/CVE-2023-0817
    https://www.cve.org/CVERecord?id=CVE-2023-0817
[41] https://security-tracker.debian.org/tracker/CVE-2023-0818
    https://www.cve.org/CVERecord?id=CVE-2023-0818
[42] https://security-tracker.debian.org/tracker/CVE-2023-0819
    https://www.cve.org/CVERecord?id=CVE-2023-0819

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
Source: gpac
Source-Version: 2.2.1+dfsg1-1
Done: Reinhard Tartler <siretart@tauware.de>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033116@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 17:26:45 -0400
Binary: gpac gpac-dbgsym gpac-modules-base gpac-modules-base-dbgsym libgpac12 libgpac12-dbgsym libgpac-dev
Source: gpac
Architecture: amd64 source
Version: 2.2.1+dfsg1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 1033116 1034187 1034732 1034890 1036701
Description: 
 gpac       - GPAC Project on Advanced Content - utilities
 gpac-modules-base - GPAC Project on Advanced Content - modules
 libgpac12  - GPAC Project on Advanced Content - shared libraries
 libgpac-dev - GPAC Project on Advanced Content - development files
Changes:
 gpac (2.2.1+dfsg1-1) experimental; urgency=medium
 .
   * New upstream version,
     closes: #1033116, #1034732, #1034187, #1036701, #1034890
   * soname bump libgpac11 -> libgpac12
Checksums-Sha1: 
 cc824358adc4d1735882f368b73535f8cf28a58e 2656 gpac_2.2.1+dfsg1-1.dsc
 2d5f9416520529a971b177393dec4bc8b7248757 6671912 gpac_2.2.1+dfsg1.orig.tar.xz
 60065b475d03083521ca44782ae2b64d91b06bb4 36952 gpac_2.2.1+dfsg1-1.debian.tar.xz
 64a7f8eaaf558f935fc7d5b23fbaf3951b93ba91 529848 gpac-dbgsym_2.2.1+dfsg1-1_amd64.deb
 731b424a9830f0213f27b2820524e90754259f0c 167400 gpac-modules-base-dbgsym_2.2.1+dfsg1-1_amd64.deb
 1252028d4e1c453e505b25d82e7e2f28f00d6eb7 84424 gpac-modules-base_2.2.1+dfsg1-1_amd64.deb
 a1d0496f8430a33e85121da1bcdefa380f8544bb 16692 gpac_2.2.1+dfsg1-1_amd64.buildinfo
 bcf0c8f51347d6ebf6f1e136b198f11575afd6a7 967624 gpac_2.2.1+dfsg1-1_amd64.deb
 93de586650e3b51b7783c82ad2a8b3fd4cf3bb02 3953732 libgpac-dev_2.2.1+dfsg1-1_amd64.deb
 e5e87af6075db34f58d10efdf1256b3135abc41b 9686240 libgpac12-dbgsym_2.2.1+dfsg1-1_amd64.deb
 0aa6f9997fe86f8213e7bfd88a8f0512dff3f025 3178572 libgpac12_2.2.1+dfsg1-1_amd64.deb
Checksums-Sha256: 
 9f5a7129ef0bcf23089434d6201eb50192fd1192dc24bdccc2fec1634ad84863 2656 gpac_2.2.1+dfsg1-1.dsc
 28bebf095d82cc641c126c934c54690def60090f13a3ca6cdb17f671f1fd91f6 6671912 gpac_2.2.1+dfsg1.orig.tar.xz
 159a799edc9be37cc828e762ab7376e8ac78f36a52dd99b02b02654a2c39d2be 36952 gpac_2.2.1+dfsg1-1.debian.tar.xz
 e47b1db665c215932a3192c4a79392fd21b3a11367d3f9286ccbc5ac59251ddf 529848 gpac-dbgsym_2.2.1+dfsg1-1_amd64.deb
 6335fdfa17a942e7bcdbd7a06c5635ff39191a80fceb839d95b897d4cb1c81b1 167400 gpac-modules-base-dbgsym_2.2.1+dfsg1-1_amd64.deb
 06b838216422cf333a315b71f5742b732ac10177ef5eadfa8324993b74a07746 84424 gpac-modules-base_2.2.1+dfsg1-1_amd64.deb
 806ba5997568efa90bbca7986a69c18209c54b0d5469f7cd00cd9a856f877a5d 16692 gpac_2.2.1+dfsg1-1_amd64.buildinfo
 80140d7fdb312060994931ea1f3f1bd12b1389f5175ef05771cef5a2840024f5 967624 gpac_2.2.1+dfsg1-1_amd64.deb
 d7eca8b105fc9407a552cf6b08c88eef4f26fa59fbffbcd2b103d064c736e6ea 3953732 libgpac-dev_2.2.1+dfsg1-1_amd64.deb
 fb2f8c0639ca65ab9b077c99ff5a607bac4912757878d0ba41d972b29a57d8f5 9686240 libgpac12-dbgsym_2.2.1+dfsg1-1_amd64.deb
 75699b4d4e45d994eb94dcd97589d9b2f6283809e56c8f18dd8b6900628a7393 3178572 libgpac12_2.2.1+dfsg1-1_amd64.deb
Files: 
 111742d5a943fdd0a96ab5089affcf8f 2656 graphics optional gpac_2.2.1+dfsg1-1.dsc
 8f5197fd1b8ff84b49d63fef47e6a4d9 6671912 graphics optional gpac_2.2.1+dfsg1.orig.tar.xz
 69e64cfc2a4d181847cc87e661e3e76a 36952 graphics optional gpac_2.2.1+dfsg1-1.debian.tar.xz
 41d0a25b7c0a5cfb5868d7df9741d86f 529848 debug optional gpac-dbgsym_2.2.1+dfsg1-1_amd64.deb
 a676aa02aaa878c6da4a3307caf4b729 167400 debug optional gpac-modules-base-dbgsym_2.2.1+dfsg1-1_amd64.deb
 df745c18e3e6ab1ce1ee1d0687921cf3 84424 graphics optional gpac-modules-base_2.2.1+dfsg1-1_amd64.deb
 5a71c8ec55afbe03e854d7c19aba0fee 16692 graphics optional gpac_2.2.1+dfsg1-1_amd64.buildinfo
 5ad71db72c0a9e45a488f66b1203e334 967624 graphics optional gpac_2.2.1+dfsg1-1_amd64.deb
 d83a07834f5c351b93502333b9565924 3953732 libdevel optional libgpac-dev_2.2.1+dfsg1-1_amd64.deb
 6464392d923daa825036b24585d62c33 9686240 debug optional libgpac12-dbgsym_2.2.1+dfsg1-1_amd64.deb
 1d636ac24d132ff4caa27d461b7d2d01 3178572 libs optional libgpac12_2.2.1+dfsg1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmSQ0v4UHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJssXWhAAsh/DhIJlzZcIr8qEHLQ+F5HXuctP
f2cy4sE3BNC3zdQakNabRxgv8R6RdugIcnCWlDg0i7BkB/NaSrX9NbPx5ehmTFBW
xMxPaiewdCFlSNEwDwbS7XL19AiRxxad9zHAGWFeSlVpNHTw1Oq2ZfQoQl5Ko6wi
vXJj1dn5bnHFLfbMR1G7/Z3iZBtANMmnJBVPF85Gw3dMMFmDuJQkrS9dKU/YhFXW
XvI6iDU8Ywsm+Ep1/S3Arj7XEyTizkc1ncDGk/Va4L8Q450uOKqkSdE6sq/hCFvr
JYTg/6s+qKTs4j96SSNmBKtmXFBw1FhBbZIQLKUtiuqaRhf4egLfzHux64LFi3+8
yTSr8CdJ7wU+blRl13TELGIrLtJvV4LbbO+85R0wvjrMU0uuV2S/3xWc22XggoAy
O0ShjJAfeuj25uOc6CzrcMxXwgDRN+hhuAi+rM2kIWGPkTmJRYz67DAwIpVpWn5L
+lWVyro8TypV4zdKPeBXfI0rELUIT0BueYbM+fDjYAfZGobLmYm9lfEX2OmWxeXV
wlRrQGZB4TpmTFDxCFdWzsUMxqRjbH6yh1GnG5MdZSdfUsHB0P9B71vP2Ze+64Rb
MczlRiMNOcs0hNgtUrPg0irRjWOGNCCg6j9djjaFfkglLHKwcgDMxpJZsnaCEIno
drTnGpHiVf/O+cc=
=3Nza
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: