[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1016142: marked as done (gpac: CVE-2022-2549)

Your message dated Tue, 07 Mar 2023 12:04:26 +0000
with message-id <E1pZW3O-00DklU-DU@fasolo.debian.org>
and subject line Bug#1016142: fixed in gpac 2.0.0+dfsg1-4
has caused the Debian Bug report #1016142,
regarding gpac: CVE-2022-2549
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1016142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016142
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for gpac.

CVE-2022-2549[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| v2.1.0-DEV.

https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2549

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
Source: gpac
Source-Version: 2.0.0+dfsg1-4
Done: Reinhard Tartler <siretart@tauware.de>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016142@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 Mar 2023 06:41:07 -0500
Source: gpac
Architecture: source
Version: 2.0.0+dfsg1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 1007224 1015788 1016142 1016443 1019595
Changes:
 gpac (2.0.0+dfsg1-4) unstable; urgency=medium
 .
   * make lintian overrides backwards compatible
 .
 gpac (2.0.0+dfsg1-3) unstable; urgency=medium
 .
   * Backport security fixes for CVE-2022-29339 CVE-2022-29340
     CVE-2022-29537 CVE-2022-30976 CVE-2022-1035 CVE-2022-1172
     CVE-2022-1222 CVE-2022-1441 CVE-2022-1795, Closes: 1016443
   * Backport more security fixes CVE-2022-2453 CVE-2022-2454,
     Closes: #1015788
   * Backport more security fixes CVE-2022-38530 CVE-2022-36186
     CVE-2022-36190 CVE-2022-36191, Closes: #1019595
   * Backport more security fixes CVE-2022-2549, closes: #1016142,
     CVE-2022-26967, Closes: #1007224
   * fix some lintian overrides
   * update build-depends on libfreetype-dev
Checksums-Sha1:
 b6c5b5d9c08e109ba5f13f5b5a282b5306aaefa5 2656 gpac_2.0.0+dfsg1-4.dsc
 be3e2f904bc5a29cef57ed566d2ba0239f97dc63 44148 gpac_2.0.0+dfsg1-4.debian.tar.xz
Checksums-Sha256:
 930ca15bda8f5c74350afc37e5530d92b4970bec3c6c2f67cc3e284bc8aef00f 2656 gpac_2.0.0+dfsg1-4.dsc
 408d11657cbedeaefb9e72a9e3e03394c482ae990bef041f52a4f613735b88e1 44148 gpac_2.0.0+dfsg1-4.debian.tar.xz
Files:
 6f651e86a4c39a5a01358de89ae1e372 2656 graphics optional gpac_2.0.0+dfsg1-4.dsc
 aa25e293541c619cd4c97333004883a2 44148 graphics optional gpac_2.0.0+dfsg1-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmQHIwMUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsszURAApGc9Sl8ccQq6k8DL6JuJhyIg5w/Q
/jmJ/Z2CLxVzLYavUM1yDYnKa7N+5g9MxIsADhWpgD8xrSVY6CFZqAEWatKRpiII
tcCgMgwTljpA9Bbfw/AP3ltjm1ZQRdONMz5sOqpX0UUXeFdXp8R7XDFnSBpJhWeK
3MOTUAdL2fFyWEZ2hnOQFpIu0amsKqAPzTVYNENJTajLyh4DSHwDxilac+O8mfBT
Vl+u1nV7EUZXnbNhGrgRvbrW3wlg6EEtbWwqkun9rRS+fK3MYXldyGRkPv904lo9
yBQRr2Ds8eBI3/dpbKSt6T/UF1AePFcozPuzvPCJ+tABX8cISQHKPpH7j8sNG2KH
XlqBeS17m5NQTApCMUDdBJ0+yx58yiY/lF7CK6qZypEqVmgxjyGf/0O+bDOfzXhu
JGciti3BZ6xpGcWzul0AssuyX4DnHHQZC3tYvgxFXLpqqTjwcBhHzOPI5yU8DCkJ
fvupD46gvVoo80jBpiuO453J3PhLZsfyd8UnFcq5U8F2wJKF4NhDDupbw1wU3f7q
ajC0EBfdKS6XM/frDCIYNTlgtc+G5f3gOfCcZNnSaAoNMPrAs3/bc4xI1UJbAKH3
mE4ltXuHYI5NOgJ9Vse9/w237mi0vNX9SbwAJZwDdHaeeHutzONffNC1bagxXx3A
fBhJ21TBsZ1Xhs4=
=77jP
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: