Bug#1034890: closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Reinhard Tartler <siretart@tauware.de>) (Bug#1034890: fixed in gpac 2.2.1+dfsg1-1)

To: 1034890@bugs.debian.org, Reinhard Tartler <siretart@tauware.de>
Cc: Moritz Mühlenhoff <jmm@inutil.org>
Subject: Bug#1034890: closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Reinhard Tartler <siretart@tauware.de>) (Bug#1034890: fixed in gpac 2.2.1+dfsg1-1)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 20 Jun 2023 21:28:33 +0200
Message-id: <[🔎] ZJH94aVHB54GU6eU@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1034890@bugs.debian.org
In-reply-to: <handler.1034890.D1034890.16872843891963743.notifdone@bugs.debian.org>
References: <E1qBfkI-005kTb-KY@fasolo.debian.org> <ZEliMBSCwV52a58R@pisco.westfalen.local> <handler.1034890.D1034890.16872843891963743.notifdone@bugs.debian.org> <ZEliMBSCwV52a58R@pisco.westfalen.local>

Control: reopen -1 

Hi Reinhard,

I'm unsure on this one, can you elaborate where CVE-2023-0841 has been
fixed with the 2.2.1 upstream version? This was particularly confusing
as the only reference given for the CVE is as Moritz mentioned,
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3
. Unclear if it ever was reported upstream.

Can you have a look?

Regards,
Salvatore

Reply to:

Prev by Date: Bug#1038590: vlc: Depends on SDL 1.2
Next by Date: Processed: Re: Bug#1034890 closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Reinhard Tartler <siretart@tauware.de>) (Bug#1034890: fixed in gpac 2.2.1+dfsg1-1)
Previous by thread: Processed: found 1034890 in 2.0.0+dfsg1-4
Next by thread: Processed: Re: Bug#1034890 closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Reinhard Tartler <siretart@tauware.de>) (Bug#1034890: fixed in gpac 2.2.1+dfsg1-1)
Index(es):
- Date
- Thread