[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#972053: marked as done (CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629 CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558 CVE-2020-6630 CVE-2020-6631)

Your message dated Fri, 20 Nov 2020 23:00:12 +0000
with message-id <E1kgFO0-000GXA-6T@fasolo.debian.org>
and subject line Bug#972053: fixed in gpac 1.0.1+dfsg1-1
has caused the Debian Bug report #972053,
regarding CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165 CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629 CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558 CVE-2020-6630 CVE-2020-6631
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
972053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972053
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: gpac
Version: 0.5.2-426-gc5ad4e4+dfsg5-5
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

CVE-2019-20161:
https://github.com/gpac/gpac/issues/1320
https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956

CVE-2019-20162:
https://github.com/gpac/gpac/issues/1327
https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77

CVE-2019-20163:
https://github.com/gpac/gpac/issues/1335
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)

CVE-2019-20165:
https://github.com/gpac/gpac/issues/1338
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)

CVE-2019-20170:
https://github.com/gpac/gpac/issues/1328
https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03

CVE-2019-20171:
https://github.com/gpac/gpac/issues/1337
https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c

CVE-2019-20208:
https://github.com/gpac/gpac/issues/1348
https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)

CVE-2019-20628:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
https://github.com/gpac/gpac/issues/1269

CVE-2019-20629:
https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
https://github.com/gpac/gpac/issues/1264

CVE-2019-20630:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1268

CVE-2019-20631:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1270

CVE-2019-20632:
https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
https://github.com/gpac/gpac/issues/1271

CVE-2020-11558:
https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
https://github.com/gpac/gpac/issues/1440

CVE-2020-6630:
https://github.com/gpac/gpac/issues/1377
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521

CVE-2020-6631:
https://github.com/gpac/gpac/issues/1378
https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
  
While individual commits refs are listed above, this should really be fixed
via a new upstream release for bullseye, after all the current base version
is from 2015

--- End Message ---
--- Begin Message --- 
Source: gpac
Source-Version: 1.0.1+dfsg1-1
Done: Reinhard Tartler <siretart@tauware.de>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 972053@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Nov 2020 18:36:39 -0500
Binary: gpac gpac-dbgsym gpac-modules-base gpac-modules-base-dbgsym libgpac10 libgpac10-dbgsym libgpac-dev
Source: gpac
Architecture: amd64 source
Version: 1.0.1+dfsg1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 782093 931088 932242 940882 972053
Description: 
 gpac       - GPAC Project on Advanced Content - utilities
 gpac-modules-base - GPAC Project on Advanced Content - modules
 libgpac10  - GPAC Project on Advanced Content - shared libraries
 libgpac-dev - GPAC Project on Advanced Content - development files
Changes:
 gpac (1.0.1+dfsg1-1) experimental; urgency=medium
 .
   * New upstream version
     - soname bump to libgpac10
     - Fixes lots of security issues, closes: #972053
        CVE-2019-20161 CVE-2019-20162 CVE-2019-20163 CVE-2019-20165
        CVE-2019-20170 CVE-2019-20208 CVE-2019-20628 CVE-2019-20629
        CVE-2019-20630 CVE-2019-20631 CVE-2019-20632 CVE-2020-11558
        CVE-2020-6630 CVE-2020-6631
     - Fixes CVE-2018-21015 CVE-2018-21016, closes: #940882
     - Fixes CVE-2019-13618, closes: #932242
     - Fixes CVE-2019-12481 CVE-2019-12482 CVE-2019-12483, closes: #931088
     - Fix in manpage, closes: #782093
   * Rewritten debian/copyright with help of 'cme update dpkg-copyright'
Checksums-Sha1: 
 e876bb98d400f1483a89fbac65abd53a18112dde 2701 gpac_1.0.1+dfsg1-1.dsc
 15fb491618d377f533c3b64670556ceee7a730c1 5153848 gpac_1.0.1+dfsg1.orig.tar.xz
 2346a29c5833e95a9aae739bd49dbe7f2427bd44 35844 gpac_1.0.1+dfsg1-1.debian.tar.xz
 933211ab1e3e0d123349919189c4ee1bd4c0ac2a 464556 gpac-dbgsym_1.0.1+dfsg1-1_amd64.deb
 cfdf615f0617c5afc4e0b2fb30c788aaeb4ee362 148888 gpac-modules-base-dbgsym_1.0.1+dfsg1-1_amd64.deb
 c6c3acc99a12967a5fadcdd6f2fd15faad630728 85080 gpac-modules-base_1.0.1+dfsg1-1_amd64.deb
 a18ac306c4b56538256f0431e431e52cf0cf36ce 15822 gpac_1.0.1+dfsg1-1_amd64.buildinfo
 de4358cc1b98568eda7cef33eacadb06952ca8d5 582128 gpac_1.0.1+dfsg1-1_amd64.deb
 d0e3d3643af65d8eed6c8ea944779c4e5cb43d66 3567952 libgpac-dev_1.0.1+dfsg1-1_amd64.deb
 f7e0f388c4d312348194b69697869fd1c2fdf4f4 8835160 libgpac10-dbgsym_1.0.1+dfsg1-1_amd64.deb
 c7d9287e76d7ab05aa96b349f4e8d72420fa629d 2851108 libgpac10_1.0.1+dfsg1-1_amd64.deb
Checksums-Sha256: 
 ddcfd9a96799b5e164109f3786a1bf96d75d199958379f169ea2ac26acfb264e 2701 gpac_1.0.1+dfsg1-1.dsc
 a7e2ead0f6774815bfd7e838e0b09e750f1ff45f1284441dc7d0a52c6757ad46 5153848 gpac_1.0.1+dfsg1.orig.tar.xz
 8c752bf7c9fce5cc5fd47af0b807c255d872dd05b31ae7532a9da07835b0feba 35844 gpac_1.0.1+dfsg1-1.debian.tar.xz
 8fa7c2b91638ced762f0df3a2b71a6569e4643e3e035a623b8064229390c7baa 464556 gpac-dbgsym_1.0.1+dfsg1-1_amd64.deb
 5445fbc7f98e17ae6749d04ec3f88d68b571f5d960981c83dd64e42ba655c167 148888 gpac-modules-base-dbgsym_1.0.1+dfsg1-1_amd64.deb
 13c94503c0f6845268e63403d78092f62a8f1e7384c656cf4b1d55212fed93da 85080 gpac-modules-base_1.0.1+dfsg1-1_amd64.deb
 5f7a636995cce594da9f2891e8beab6b7bbd3a95b76e9d1573057c1fdad8bb9c 15822 gpac_1.0.1+dfsg1-1_amd64.buildinfo
 5209e15cafa9bbd31bf23ed42acaa3e8b25828713f6f96cc0b3d14d2c34d193f 582128 gpac_1.0.1+dfsg1-1_amd64.deb
 36d29915e1e4f4578d60aa3d955a023f1b8004d2acf823678fdd6fb3c5798ef9 3567952 libgpac-dev_1.0.1+dfsg1-1_amd64.deb
 99b43f885477cf8b248bb0aa59874ae69cb28a64ea610ea9c5c711b40b36d683 8835160 libgpac10-dbgsym_1.0.1+dfsg1-1_amd64.deb
 1b9dadd3c5608905eac6f3f806b427537b422e86238ef350d40c93c3695fd389 2851108 libgpac10_1.0.1+dfsg1-1_amd64.deb
Files: 
 c700475c3e0be29a801349425b5a9500 2701 graphics optional gpac_1.0.1+dfsg1-1.dsc
 bfcb7a6dad4834c70630bf996c8fa64f 5153848 graphics optional gpac_1.0.1+dfsg1.orig.tar.xz
 1bd7bf9522fb3155b7e0909f0ede99c3 35844 graphics optional gpac_1.0.1+dfsg1-1.debian.tar.xz
 4dc00c71066b07f876a57b924ca596f2 464556 debug optional gpac-dbgsym_1.0.1+dfsg1-1_amd64.deb
 015cb877579f4fdb8d757f0ee26e2a0b 148888 debug optional gpac-modules-base-dbgsym_1.0.1+dfsg1-1_amd64.deb
 243266ad390ab206dddf4c47f75e64fe 85080 graphics optional gpac-modules-base_1.0.1+dfsg1-1_amd64.deb
 35a680884fbb4dc82a675add9f655e03 15822 graphics optional gpac_1.0.1+dfsg1-1_amd64.buildinfo
 643b0428ad288e168c67c92c2c3ec3d4 582128 graphics optional gpac_1.0.1+dfsg1-1_amd64.deb
 7e0d2178452977ba8da985394773ff67 3567952 libdevel optional libgpac-dev_1.0.1+dfsg1-1_amd64.deb
 d7d8c6a1711f2b7220514c3720ad3b2c 8835160 debug optional libgpac10-dbgsym_1.0.1+dfsg1-1_amd64.deb
 a8df84d14c574fd44901f4f705d47c95 2851108 libs optional libgpac10_1.0.1+dfsg1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAl+1CwcUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJst5Ug/+Le6X/KGOmlVC+ETfUfFq9e4PfVyB
BsfS09vRuS3rgB0eDnS9FSdb6OhDwxWAZJruzphHqdLQXY+NLTTPBlYz/u+hFTiW
6PxoxbQ/cqrkM4G1Q4wEMgL4WUwmdAhfdRBICw6myserytAfdRqqzo4AAcI510QG
h/ep8qpKSw9vuZsGsQveZFHtumi9TdVlxEJX4LW5bF0QMgy3BqQQiAZ+UuA+pMER
qdZVADpvk6p6E99zpo+q3VhASPQUSYFo5hJkBDFZNtY7TDYHtm1SvhM/WpnXNeMC
B9DAT5n8PPqZsuM+dJ04oOnUPqSWopYDODAbLhZqsm0XmY2W0xuCrdhXAH8W0d1L
tgGbNKDDlklP5oJzkOinRk01H+LFBP1AMEwwzBUKNkNHlOfkkV1QTW5cEQ6osm+h
TcPrEq6ArVsSF6LJqIup88Wu/7KP2kAyWN0loA4G3rVN4I8atj4p9S9dOLVTnm9k
RSvhOMqVc/olmpemnxnJTgwQLgS5Emo/p0HpoQF60gUKJpYpMXNWojQNI/mLNjD3
+Ta973qE5hozL2ZWPsYtynRmAIBduf4O+36beIyK4LcMKYuXG9zeJrFXQw6ntWcG
pG1+5GlkKKgHuw503mmYhpAKsp2E6/jT3rlQ/XJm9v5y9xKQydrOqpQVKFv5zGb4
Bro722p7gmgvSuY=
=kH3R
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: