Bug#1032972: handbrake: debian version of handbrake does not handle subtitles correctly

2024-01-29 Thread Moritz Mühlenhoff
Hi Michael,
thanks for looking into this!

michael spreng wrote:
> The above mentioned patch to ffmpeg changes ffmpeg to remember the pts. But
> handbrake can remember the pts just as well. So see the attached patch which
> does exactly that: if the subtitle is incomplete, it saves the pts to the
> handbrake subtitle context, and retrieves it if there is no pts on a
> completed subtitle ready for output.
> 
> I am unsure how to proceed from here. Is that fix acceptable? Where would I
> submit it?

Can you please send/propose this upstream, they are in a much better position
to assess this approach.

Either by making a pull request https://github.com/HandBrake/HandBrake or
by opening an issue there.

Cheers,
Moritz



Bug#1059275: libde265: CVE-2023-49465 CVE-2023-49467 CVE-2023-49468

2023-12-22 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2023-49465[0]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the derive_spatial_luma_vector_prediction function
| at motion.cc.

https://github.com/strukturag/libde265/issues/435

CVE-2023-49467[1]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the derive_combined_bipredictive_merging_candidates
| function at motion.cc.

https://github.com/strukturag/libde265/issues/434

CVE-2023-49468[2]:
| Libde265 v1.0.14 was discovered to contain a global buffer overflow
| vulnerability in the read_coding_unit function at slice.cc.

https://github.com/strukturag/libde265/issues/432
Fixed by: 
https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49465
https://www.cve.org/CVERecord?id=CVE-2023-49465
[1] https://security-tracker.debian.org/tracker/CVE-2023-49467
https://www.cve.org/CVERecord?id=CVE-2023-49467
[2] https://security-tracker.debian.org/tracker/CVE-2023-49468
https://www.cve.org/CVERecord?id=CVE-2023-49468

Please adjust the affected versions in the BTS as needed.



Bug#1059151: libheif: CVE-2023-49460 CVE-2023-49462 CVE-2023-49463 CVE-2023-49464

2023-12-20 Thread Moritz Mühlenhoff
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libheif.

CVE-2023-49460[0]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function UncompressedImageCodec::decode_uncompressed_image.

https://github.com/strukturag/libheif/issues/1046
https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76

CVE-2023-49462[1]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the component /libheif/exif.cc.

https://github.com/strukturag/libheif/issues/1043
https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878cc67f3889969

CVE-2023-49463[2]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function find_exif_tag at /libheif/exif.cc.

https://github.com/strukturag/libheif/issues/1042
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf

CVE-2023-49464[3]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function
| UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

https://github.com/strukturag/libheif/issues/1044
https://github.com/strukturag/libheif/pull/1049
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49460
https://www.cve.org/CVERecord?id=CVE-2023-49460
[1] https://security-tracker.debian.org/tracker/CVE-2023-49462
https://www.cve.org/CVERecord?id=CVE-2023-49462
[2] https://security-tracker.debian.org/tracker/CVE-2023-49463
https://www.cve.org/CVERecord?id=CVE-2023-49463
[3] https://security-tracker.debian.org/tracker/CVE-2023-49464
https://www.cve.org/CVERecord?id=CVE-2023-49464

Please adjust the affected versions in the BTS as needed.



Bug#1051890: libsndfile: CVE-2022-33064

2023-09-13 Thread Moritz Mühlenhoff
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2022-33064[0]:
| An off-by-one error in function wav_read_header in src/wav.c in
| Libsndfile 1.1.0, results in a write out of bound, which allows an
| attacker to execute arbitrary code, Denial of Service or other
| unspecified impacts.

https://github.com/libsndfile/libsndfile/issues/832

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33064
https://www.cve.org/CVERecord?id=CVE-2022-33064

Please adjust the affected versions in the BTS as needed.



Bug#1051891: libsndfile: CVE-2022-33065

2023-09-13 Thread Moritz Mühlenhoff
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2022-33065[0]:
| Multiple signed integers overflow in function au_read_header in
| src/au.c and in functions mat4_open and mat4_read_header in
| src/mat4.c in Libsndfile, allows an attacker to cause Denial of
| Service or other unspecified impacts.

https://github.com/libsndfile/libsndfile/issues/833
https://github.com/libsndfile/libsndfile/issues/789

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33065
https://www.cve.org/CVERecord?id=CVE-2022-33065

Please adjust the affected versions in the BTS as needed.



Bug#1051740: gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-475

2023-09-11 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7

CVE-2023-3013[1]:
| Unchecked Return Value in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594

CVE-2023-3291[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf

CVE-2023-39562[3]:
| GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a
| heap-use-after-free via the gf_bs_align function at bitstream.c.
| This vulnerability allows attackers to cause a Denial of Service
| (DoS) via supplying a crafted file.

https://github.com/gpac/gpac/issues/2537
https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6

CVE-2023-4678[4]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877

CVE-2023-4681[5]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e

CVE-2023-4682[6]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c

CVE-2023-4683[7]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922

CVE-2023-4720[8]:
| Floating Point Comparison with Incorrect Operator in GitHub
| repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad

CVE-2023-4721[9]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc

CVE-2023-4722[10]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior
| to 2.3-DEV.

https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830

CVE-2023-4754[11]:
| Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c

CVE-2023-4755[12]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3

CVE-2023-4756[13]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05

CVE-2023-4758[14]:
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6

CVE-2023-4778[15]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3012
https://www.cve.org/CVERecord?id=CVE-2023-3012
[1] https://security-tracker.debian.org/tracker/CVE-2023-3013
https://www.cve.org/CVERecord?id=CVE-2023-3013
[2] https://security-tracker.debian.org/tracker/CVE-2023-3291
https://www.cve.org/CVERecord?id=CVE-2023-3291
[3] https://security-tracker.debian.org/tracker/CVE-2023-39562
https://www.cve.org/CVERecord?id=CVE-2023-39562
[4] https://security-tracker.debian.org/tracker/CVE-2023-4678
https://www.cve.org/CVERecord?id=CVE-2023-4678
[5] https://security-tracker.debian.org/tracker/CVE-2023-4681
https://www.cve.org/CVERecord?id=CVE-2023-4681
[6] 

Bug#1050836: oggvideotools: CVE-2020-21722 CVE-2020-21723 CVE-2020-21724

2023-08-29 Thread Moritz Mühlenhoff
Source: oggvideotools
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for oggvideotools.

CVE-2020-21722[0]:
| Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote
| attackers to run arbitrary code via opening of crafted ogg file.

https://sourceforge.net/p/oggvideotools/bugs/11/

CVE-2020-21723[1]:
| A Segmentation Fault issue discovered
| StreamSerializer::extractStreams function in streamSerializer.cpp in
| oggvideotools 0.9.1 allows remote attackers to cause a denial of
| service (crash) via opening of crafted ogg file.

https://sourceforge.net/p/oggvideotools/bugs/10

CVE-2020-21724[2]:
| Buffer Overflow vulnerability in ExtractorInformation function in
| streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers
| to run arbitrary code via opening of crafted ogg file.

https://sourceforge.net/p/oggvideotools/bugs/9

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21722
https://www.cve.org/CVERecord?id=CVE-2020-21722
[1] https://security-tracker.debian.org/tracker/CVE-2020-21723
https://www.cve.org/CVERecord?id=CVE-2020-21723
[2] https://security-tracker.debian.org/tracker/CVE-2020-21724
https://www.cve.org/CVERecord?id=CVE-2020-21724

Please adjust the affected versions in the BTS as needed.



Bug#1041113: sox: CVE-2023-26590

2023-07-14 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2023-26590[0]:
| A floating point exception vulnerability was found in sox, in the
| lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can
| lead to a denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=2212279
https://sourceforge.net/p/sox/bugs/370/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26590
https://www.cve.org/CVERecord?id=CVE-2023-26590

Please adjust the affected versions in the BTS as needed.



Bug#1041112: sox: CVE-2023-32627

2023-07-14 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2023-32627[0]:
| A floating point exception vulnerability was found in sox, in the
| read_samples function at sox/src/voc.c:334:18. This flaw can lead to
| a denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=2212282
https://sourceforge.net/p/sox/bugs/369/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32627
https://www.cve.org/CVERecord?id=CVE-2023-32627

Please adjust the affected versions in the BTS as needed.



Bug#1041111: sox: CVE-2023-34318

2023-07-14 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2023-34318[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| startread function at sox/src/hcom.c:160:41. This flaw can lead to a
| denial of service, code execution, or information disclosure.

https://bugzilla.redhat.com/show_bug.cgi?id=2212283
https://sourceforge.net/p/sox/bugs/368/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34318
https://www.cve.org/CVERecord?id=CVE-2023-34318

Please adjust the affected versions in the BTS as needed.



Bug#1041110: sox: CVE-2023-34432

2023-07-14 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2023-34432[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can
| lead to a denial of service, code execution, or information
| disclosure.

https://bugzilla.redhat.com/show_bug.cgi?id=2212291
https://sourceforge.net/p/sox/bugs/367/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34432
https://www.cve.org/CVERecord?id=CVE-2023-34432

Please adjust the affected versions in the BTS as needed.



Bug#1040593: kodi: CVE-2023-30207

2023-07-07 Thread Moritz Mühlenhoff
Source: kodi
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for kodi.

CVE-2023-30207[0]:
| A divide by zero issue discovered in Kodi Home Theater Software 19.5
| and earlier allows attackers to cause a denial of service via use of
| crafted mp3 file.

https://github.com/xbmc/xbmc/issues/22378
https://github.com/xbmc/xbmc/pull/22391
https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-30207
https://www.cve.org/CVERecord?id=CVE-2023-30207

Please adjust the affected versions in the BTS as needed.



Bug#1034732: fixed in gpac 2.2.1+dfsg1-1

2023-06-20 Thread Moritz Mühlenhoff
On Tue, Jun 20, 2023 at 06:06:26PM + Debian FTP Masters wrote:
> Source: gpac
> Source-Version: 2.2.1+dfsg1-1
> Done: Reinhard Tartler 
> Changes:
>  gpac (2.2.1+dfsg1-1) experimental; urgency=medium
>  .
>* New upstream version,
>  closes: #1033116, #1034732, #1034187, #1036701, #1034890

A single upload a week after the release doesn't change the fact that
gpac isn't supportable unless you massively step up in maintenance
(which would also involve taking care of bullseye-security), so
#1034732 should not be closed with the upload to unstable.

If GPAC magically becomes more stable over the next 1.5 years,
we can reconsider.

Cheers,
Moritz



Bug#1036701: gpac: CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840

2023-05-24 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-2837[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

CVE-2023-2838[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba

CVE-2023-2839[2]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac

CVE-2023-2840[3]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2837
https://www.cve.org/CVERecord?id=CVE-2023-2837
[1] https://security-tracker.debian.org/tracker/CVE-2023-2838
https://www.cve.org/CVERecord?id=CVE-2023-2838
[2] https://security-tracker.debian.org/tracker/CVE-2023-2839
https://www.cve.org/CVERecord?id=CVE-2023-2839
[3] https://security-tracker.debian.org/tracker/CVE-2023-2840
https://www.cve.org/CVERecord?id=CVE-2023-2840

Please adjust the affected versions in the BTS as needed.



Bug#1035950: dav1d: CVE-2023-32570

2023-05-11 Thread Moritz Mühlenhoff
Source: dav1d
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for dav1d.

CVE-2023-32570[0]:
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that
| can lead to an application crash, related to dav1d_decode_frame_exit.

https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa
 (1.2.0)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32570
https://www.cve.org/CVERecord?id=CVE-2023-32570

Please adjust the affected versions in the BTS as needed.



Bug#1034890: gpac: CVE-2023-0841

2023-04-26 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for gpac.

CVE-2023-0841[0]:
| A vulnerability, which was classified as critical, has been found in
| GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function
| mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation
| leads to heap-based buffer overflow. The attack may be initiated
| remotely. The exploit has been disclosed to the public and may be
| used. The associated identifier of this vulnerability is VDB-221087.

Only reference here is the following, doesn't seem to have been forwarded:
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0841
https://www.cve.org/CVERecord?id=CVE-2023-0841

Please adjust the affected versions in the BTS as needed.



Bug#1034187: gpac: CVE-2023-0841 CVE-2023-1448 CVE-2023-1449 CVE-2023-1452 CVE-2023-1654 CVE-2023-1655

2023-04-10 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-1448[1]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function
| gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation
| leads to heap-based buffer overflow. Attacking locally is a
| requirement. The exploit has been disclosed to the public and may be
| used. It is recommended to apply a patch to fix this issue. The
| identifier VDB-223293 was assigned to this vulnerability.

https://github.com/gpac/gpac/issues/2388
https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463

CVE-2023-1449[2]:
| A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master
| and classified as problematic. This vulnerability affects the function
| gf_av1_reset_state of the file media_tools/av_parsers.c. The
| manipulation leads to double free. It is possible to launch the attack
| on the local host. The exploit has been disclosed to the public and
| may be used. It is recommended to apply a patch to fix this issue.
| VDB-223294 is the identifier assigned to this vulnerability.

https://github.com/gpac/gpac/issues/2387
https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9

CVE-2023-1452[3]:
| A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It
| has been declared as critical. Affected by this vulnerability is an
| unknown functionality of the file filters/load_text.c. The
| manipulation leads to buffer overflow. Local access is required to
| approach this attack. The exploit has been disclosed to the public and
| may be used. It is recommended to apply a patch to fix this issue. The
| identifier VDB-223297 was assigned to this vulnerability.

https://github.com/gpac/gpac/issues/2386
https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f

CVE-2023-1654[4]:
| Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.

https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da

CVE-2023-1655[5]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.4.0.

https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0841
https://www.cve.org/CVERecord?id=CVE-2023-0841
[1] https://security-tracker.debian.org/tracker/CVE-2023-1448
https://www.cve.org/CVERecord?id=CVE-2023-1448
[2] https://security-tracker.debian.org/tracker/CVE-2023-1449
https://www.cve.org/CVERecord?id=CVE-2023-1449
[3] https://security-tracker.debian.org/tracker/CVE-2023-1452
https://www.cve.org/CVERecord?id=CVE-2023-1452
[4] https://security-tracker.debian.org/tracker/CVE-2023-1654
https://www.cve.org/CVERecord?id=CVE-2023-1654
[5] https://security-tracker.debian.org/tracker/CVE-2023-1655
https://www.cve.org/CVERecord?id=CVE-2023-1655

Please adjust the affected versions in the BTS as needed.



Bug#1033257: libde265: CVE-2023-27102 CVE-2023-27103

2023-03-20 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2023-27102[0]:
| Libde265 v1.0.11 was discovered to contain a segmentation violation
| via the function decoder_context::process_slice_segment_header at
| decctx.cc.

https://github.com/strukturag/libde265/issues/393
https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1

CVE-2023-27103[1]:
| Libde265 v1.0.11 was discovered to contain a heap buffer overflow via
| the function derive_collocated_motion_vectors at motion.cc.

https://github.com/strukturag/libde265/issues/394
https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27102
https://www.cve.org/CVERecord?id=CVE-2023-27102
[1] https://security-tracker.debian.org/tracker/CVE-2023-27103
https://www.cve.org/CVERecord?id=CVE-2023-27103

Please adjust the affected versions in the BTS as needed.



Bug#1033116: gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-

2023-03-17 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.

https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf

CVE-2023-0866[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937

CVE-2022-4202[3]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a
| patch to fix this issue. VDB-214518 is the identifier assigned to this
| vulnerability.

https://github.com/gpac/gpac/issues/2333
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908

CVE-2022-43039[4]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_meta_restore_items_ref
| at /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2281
https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303

CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.

https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6

CVE-2023-23144[6]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file
| bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86

CVE-2023-23145[7]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.

https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f

CVE-2022-43040[8]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.

https://github.com/gpac/gpac/issues/2280
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e

CVE-2022-43042[9]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.

https://github.com/gpac/gpac/issues/2278
https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9

CVE-2022-43043[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.

https://github.com/gpac/gpac/issues/2276
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd

CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info at
| /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2282
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35

CVE-2022-43045[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.

https://github.com/gpac/gpac/issues/2277
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb

CVE-2022-45202[13]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.

https://github.com/gpac/gpac/issues/2296
https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
Fixed by: 
https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da

CVE-2022-45283[14]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

https://github.com/gpac/gpac/issues/2295
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df

CVE-2022-45343[15]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.

https://github.com/gpac/gpac/issues/2315
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4

CVE-2022-46489[16]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the gf_isom_box_parse_ex function at
| box_funcs.c.

https://github.com/gpac/gpac/issues/2328

Bug#1032101: libheif: CVE-2023-0996

2023-02-27 Thread Moritz Mühlenhoff
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libheif.

CVE-2023-0996[0]:
| There is a vulnerability in the strided image data parsing code in the
| emscripten wrapper for libheif. An attacker could exploit this through
| a crafted image file to cause a buffer overflow in linear memory
| during a memcpy call.

https://github.com/strukturag/libheif/pull/759
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0996
https://www.cve.org/CVERecord?id=CVE-2023-0996

Please adjust the affected versions in the BTS as needed.



Bug#1030049: opusfile: CVE-2022-47021

2023-01-30 Thread Moritz Mühlenhoff
Source: opusfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for opusfile.

CVE-2022-47021[0]:
| A null pointer dereference issue was discovered in functions
| op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12
| allows attackers to cause denial of service or other unspecified
| impacts.

https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
https://github.com/xiph/opusfile/issues/36

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47021
https://www.cve.org/CVERecord?id=CVE-2022-47021

Please adjust the affected versions in the BTS as needed.



Bug#1027179: libde265: CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43244 CVE-2022-43245 CVE-2022-43249 CVE-2022-432

2022-12-28 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-43235[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc.
| This vulnerability allows attackers to cause a Denial of Service (DoS)
| via a crafted video file.

https://github.com/strukturag/libde265/issues/337

CVE-2022-43236[1]:
| Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow
| vulnerability via put_qpel_fallbackunsigned short in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/343

CVE-2022-43237[2]:
| Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow
| vulnerability via void put_epel_hv_fallbackunsigned short in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/344

CVE-2022-43238[3]:
| Libde265 v1.0.8 was discovered to contain an unknown crash via
| ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/338

CVE-2022-43239[4]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via mc_chromaunsigned short in motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/341

CVE-2022-43240[5]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc.
| This vulnerability allows attackers to cause a Denial of Service (DoS)
| via a crafted video file.

https://github.com/strukturag/libde265/issues/335

CVE-2022-43241[6]:
| Libde265 v1.0.8 was discovered to contain an unknown crash via
| ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/335

CVE-2022-43242[7]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via mc_lumaunsigned char in motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/340

CVE-2022-43244[8]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_qpel_fallbackunsigned short in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/342

CVE-2022-43245[9]:
| Libde265 v1.0.8 was discovered to contain a segmentation violation via
| apply_sao_internalunsigned short in sao.cc. This vulnerability
| allows attackers to cause a Denial of Service (DoS) via a crafted
| video file.

https://github.com/strukturag/libde265/issues/352

CVE-2022-43249[10]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_epel_hv_fallbackunsigned short in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/345

CVE-2022-43250[11]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/346

CVE-2022-43252[12]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_epel_16_fallback in fallback-motion.cc. This
| vulnerability allows attackers to cause a Denial of Service (DoS) via
| a crafted video file.

https://github.com/strukturag/libde265/issues/347

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43235
https://www.cve.org/CVERecord?id=CVE-2022-43235
[1] https://security-tracker.debian.org/tracker/CVE-2022-43236
https://www.cve.org/CVERecord?id=CVE-2022-43236
[2] https://security-tracker.debian.org/tracker/CVE-2022-43237
https://www.cve.org/CVERecord?id=CVE-2022-43237
[3] https://security-tracker.debian.org/tracker/CVE-2022-43238
https://www.cve.org/CVERecord?id=CVE-2022-43238
[4] https://security-tracker.debian.org/tracker/CVE-2022-43239
https://www.cve.org/CVERecord?id=CVE-2022-43239
[5] https://security-tracker.debian.org/tracker/CVE-2022-43240
https://www.cve.org/CVERecord?id=CVE-2022-43240
[6] 

Bug#1025816: libde265: CVE-2022-43243 CVE-2022-43248 CVE-2022-43253

2022-12-09 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/339

CVE-2022-43248[1]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_weighted_pred_avg_16_fallback in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/349

CVE-2022-43253[2]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_unweighted_pred_16_fallback in fallback-
| motion.cc. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/348


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43243
https://www.cve.org/CVERecord?id=CVE-2022-43243
[1] https://security-tracker.debian.org/tracker/CVE-2022-43248
https://www.cve.org/CVERecord?id=CVE-2022-43248
[2] https://security-tracker.debian.org/tracker/CVE-2022-43253
https://www.cve.org/CVERecord?id=CVE-2022-43253

Please adjust the affected versions in the BTS as needed.



Bug#1021136: sox: CVE-2022-39236 CVE-2022-39249 CVE-2022-39251

2022-10-02 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sox.

CVE-2022-39236[0]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Starting with version 17.1.0-rc.1, improperly formed beacon events can
| disrupt or impede the matrix-js-sdk from functioning properly,
| potentially impacting the consumer's ability to process data safely.
| Note that the matrix-js-sdk can appear to be operating normally but be
| excluding or corrupting runtime data presented to the consumer. This
| is patched in matrix-js-sdk v19.7.0. Redacting applicable events,
| waiting for the sync processor to store data, and restarting the
| client are possible workarounds. Alternatively, redacting the
| applicable events and clearing all storage will fix the further
| perceived issues. Downgrading to an unaffected version, noting that
| such a version may be subject to other vulnerabilities, will
| additionally resolve the issue.

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
https://github.com/matrix-org/matrix-spec-proposals/pull/3488

CVE-2022-39249[1]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Prior to version 19.7.0, an attacker cooperating with a malicious
| homeserver can construct messages appearing to have come from another
| person. Such messages will be marked with a grey shield on some
| platforms, but this may be missing in others. This attack is possible
| due to the matrix-js-sdk implementing a too permissive key forwarding
| strategy on the receiving end. Starting with version 19.7.0, the
| default policy for accepting key forwards has been made more strict in
| the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys
| in response to previously issued requests and only from own, verified
| devices. The SDK now sets a `trusted` flag on the decrypted message
| upon decryption, based on whether the key used to decrypt the message
| was received from a trusted source. Clients need to ensure that
| messages decrypted with a key with `trusted = false` are decorated
| appropriately, for example, by showing a warning for such messages.
| This attack requires coordination between a malicious homeserver and
| an attacker, and those who trust your homeservers do not need a
| workaround.

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
https://github.com/matrix-org/matrix-spec-proposals/pull/3061
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients

CVE-2022-39251[2]:
| Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
| Prior to version 19.7.0, an attacker cooperating with a malicious
| homeserver can construct messages that legitimately appear to have
| come from another person, without any indication such as a grey
| shield. Additionally, a sophisticated attacker cooperating with a
| malicious homeserver could employ this vulnerability to perform a
| targeted attack in order to send fake to-device messages appearing to
| originate from another user. This can allow, for example, to inject
| the key backup secret during a self-verification, to make a targeted
| device start using a malicious key backup spoofed by the homeserver.
| These attacks are possible due to a protocol confusion vulnerability
| that accepts to-device messages encrypted with Megolm instead of Olm.
| Starting with version 19.7.0, matrix-js-sdk has been modified to only
| accept Olm-encrypted to-device messages. Out of caution, several other
| checks have been audited or added. This attack requires coordination
| between a malicious home server and an attacker, so those who trust
| their home servers do not need a workaround.

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39236
https://www.cve.org/CVERecord?id=CVE-2022-39236
[1] https://security-tracker.debian.org/tracker/CVE-2022-39249
https://www.cve.org/CVERecord?id=CVE-2022-39249
[2] https://security-tracker.debian.org/tracker/CVE-2022-39251
https://www.cve.org/CVERecord?id=CVE-2022-39251

Please adjust the affected versions in the BTS as needed.



Bug#1021135: sox: CVE-2021-33844

2022-10-02 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2021-33844[0]:
| A floating point exception (divide-by-zero) issue was discovered in
| SoX in function startread() of wav.c file. An attacker with a crafted
| wav file, could cause an application to crash.

https://sourceforge.net/p/sox/bugs/349/
https://bugzilla.redhat.com/show_bug.cgi?id=1975664

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33844
https://www.cve.org/CVERecord?id=CVE-2021-33844

Please adjust the affected versions in the BTS as needed.



Bug#1021134: sox: CVE-2021-23172

2022-10-02 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2021-23172[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function startread() in hcom.c file. The vulnerability is
| exploitable with a crafted hcomn file, that could cause an application
| to crash.

https://sourceforge.net/p/sox/bugs/350/
https://bugzilla.redhat.com/show_bug.cgi?id=1975666

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23172
https://www.cve.org/CVERecord?id=CVE-2021-23172

Please adjust the affected versions in the BTS as needed.



Bug#1021133: sox: CVE-2021-23159

2022-10-02 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2021-23159[0]:
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs
| in function lsx_read_w_buf() in formats_i.c file. The vulnerability is
| exploitable with a crafted file, that could cause an application to
| crash.

https://sourceforge.net/p/sox/bugs/352/
https://bugzilla.redhat.com/show_bug.cgi?id=1975671

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23159
https://www.cve.org/CVERecord?id=CVE-2021-23159

Please adjust the affected versions in the BTS as needed.



Bug#1021013: mplayer: CVE-2022-38600 CVE-2022-38856 CVE-2022-38861 CVE-2022-38862 CVE-2022-38864

2022-09-30 Thread Moritz Mühlenhoff
Source: mplayer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mplayer.

CVE-2022-38600[0]:
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and
| vf_vo.c.

https://trac.mplayerhq.hu/ticket/2390#comment:2
https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)

CVE-2022-38856[1]:
| Certain The MPlayer Project products are vulnerable to Buffer Overflow
| via function mov_build_index() of libmpdemux/demux_mov.c. This affects
| mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

https://trac.mplayerhq.hu/ticket/2395

CVE-2022-38861[2]:
| The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory
| corruption via function free_mp_image() of libmpcodecs/mp_image.c.

https://trac.mplayerhq.hu/ticket/2407
https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)

CVE-2022-38862[3]:
| Certain The MPlayer Project products are vulnerable to Buffer Overflow
| via function play() of libaf/af.c:639. This affects mplayer
| SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

https://trac.mplayerhq.hu/ticket/2400
https://trac.mplayerhq.hu/ticket/2404

CVE-2022-38864[4]:
| Certain The MPlayer Project products are vulnerable to Buffer Overflow
| via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This
| affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.

https://trac.mplayerhq.hu/ticket/2406
https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-38600
https://www.cve.org/CVERecord?id=CVE-2022-38600
[1] https://security-tracker.debian.org/tracker/CVE-2022-38856
https://www.cve.org/CVERecord?id=CVE-2022-38856
[2] https://security-tracker.debian.org/tracker/CVE-2022-38861
https://www.cve.org/CVERecord?id=CVE-2022-38861
[3] https://security-tracker.debian.org/tracker/CVE-2022-38862
https://www.cve.org/CVERecord?id=CVE-2022-38862
[4] https://security-tracker.debian.org/tracker/CVE-2022-38864
https://www.cve.org/CVERecord?id=CVE-2022-38864

Please adjust the affected versions in the BTS as needed.



Bug#1019595: gpac: CVE-2022-38530 CVE-2022-36186 CVE-2022-36190 CVE-2022-36191

2022-09-12 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-38530[0]:
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a
| stack overflow when processing ISOM_IOD.

https://github.com/gpac/gpac/issues/2216
https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d

CVE-2022-36186[1]:
| A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-
| revUNKNOWN-master via the function gf_filter_pid_set_property_full ()
| at filter_core/filter_pid.c:5250, which causes a Denial of Service
| (DoS). This vulnerability was fixed in commit b43f9d1.

https://github.com/gpac/gpac/issues/2223
https://github.com/gpac/gpac/commit/b43f9d1a4b4e33d08edaef6d313e6ce4bdf554d3

CVE-2022-36190[2]:
| GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free
| vulnerability in function gf_isom_dovi_config_get. This vulnerability
| was fixed in commit fef6242.

https://github.com/gpac/gpac/issues/2220
Fixed along with: https://github.com/gpac/gpac/issues/2218
https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3

CVE-2022-36191[3]:
| A heap-buffer-overflow had occurred in function
| gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by
| MP4Box. This vulnerability was fixed in commit fef6242.

https://github.com/gpac/gpac/issues/2218
https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-38530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38530
[1] https://security-tracker.debian.org/tracker/CVE-2022-36186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36186
[2] https://security-tracker.debian.org/tracker/CVE-2022-36190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36190
[3] https://security-tracker.debian.org/tracker/CVE-2022-36191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36191

Please adjust the affected versions in the BTS as needed.



Bug#1016986: Should pd-py be removed?

2022-09-09 Thread Moritz Mühlenhoff
severity 1016986 normal
reassign 1016986 ftp.debian.org
retitle 1016986 RM: pd-py -- RoM; depends on Python 2
thanks

> Your package came up as a candidate for removal from Debian:
> - Still depends on Python 2, which is finally being removed in Bookworm
> - Last upload in 2018
> 
> If you disagree and want to continue to maintain this package,
> please just close this bug (and fix the open issues).
> 
> If you agree with the removal, please reassign to ftp.debian.org
> by sending the following commands to cont...@bugs.debian.org:
> 
> Otherwise I'll move forward and request its removal in a month.

Reassigning for removal.

Cheers,
Moritz



Bug#1016443: gpac: CVE-2022-29339 CVE-2022-29340 CVE-2022-29537 CVE-2022-30976 CVE-2022-1035 CVE-2022-1172 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795

2022-07-31 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-29339[0]:
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in
| utils/bitstream.c has a failed assertion, which causes a Denial of
| Service. This vulnerability was fixed in commit 9ea93a2.

https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f
https://github.com/gpac/gpac/issues/2165

CVE-2022-29340[1]:
| GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference
| vulnerability in gf_isom_parse_movie_boxes_internal due to improper
| return value handling of GF_SKIP_BOX, which causes a Denial of
| Service. This vulnerability was fixed in commit 37592ad.

https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
https://github.com/gpac/gpac/issues/2163

CVE-2022-29537[2]:
| gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a
| heap-based buffer over-read, as demonstrated by MP4Box.

https://github.com/gpac/gpac/issues/2173
https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a

CVE-2022-30976[3]:
| GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed
| gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based
| buffer over-read, as demonstrated by MP4Box.

https://github.com/gpac/gpac/issues/2179
https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e2117831ca143d78

CVE-2022-1035[4]:
| Segmentation Fault caused by MP4Box -lsr in GitHub repository
| gpac/gpac prior to 2.1.0-DEV.

https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243

CVE-2022-1172[5]:
| Null Pointer Dereference Caused Segmentation Fault in GitHub
| repository gpac/gpac prior to 2.1.0-DEV.

https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/
https://github.com/gpac/gpac/issues/2153
https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8

CVE-2022-1222[6]:
| Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.

https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1

CVE-2022-1441[7]:
| MP4Box is a component of GPAC-2.0.0, which is a widely-used third-
| party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it
| calls the function `diST_box_read()` to read from video. In this
| function, it allocates a buffer `str` with fixed length. However,
| content read from `bs` is controllable by user, so is the length,
| which causes a buffer overflow.

https://github.com/gpac/gpac/issues/2175
https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb

CVE-2022-1795[8]:
| Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29339
[1] https://security-tracker.debian.org/tracker/CVE-2022-29340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29340
[2] https://security-tracker.debian.org/tracker/CVE-2022-29537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29537
[3] https://security-tracker.debian.org/tracker/CVE-2022-30976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30976
[4] https://security-tracker.debian.org/tracker/CVE-2022-1035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1035
[5] https://security-tracker.debian.org/tracker/CVE-2022-1172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1172
[6] https://security-tracker.debian.org/tracker/CVE-2022-1222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1222
[7] https://security-tracker.debian.org/tracker/CVE-2022-1441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1441
[8] https://security-tracker.debian.org/tracker/CVE-2022-1795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1795

Please adjust the affected versions in the BTS as needed.



Bug#1016142: gpac: CVE-2022-2549

2022-07-27 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for gpac.

CVE-2022-2549[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| v2.1.0-DEV.

https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2549

Please adjust the affected versions in the BTS as needed.



Bug#1015790: wavpack: CVE-2022-2476

2022-07-21 Thread Moritz Mühlenhoff
Source: wavpack
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for wavpack.

CVE-2022-2476[0]:
| A null pointer dereference bug was found in wavpack-5.4.0 The results
| from the ASAN log: AddressSanitizer:DEADLYSIGNAL =
| ==84257==ERROR:
| AddressSanitizer: SEGV on unknown address 0x (pc
| 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The
| signal is caused by a WRITE memory access. ==84257==Hint: address
| points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834
| #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-
| gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start
| (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide
| additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in
| main ==84257==ABORTING

https://github.com/dbry/WavPack/issues/121  
https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2476

Please adjust the affected versions in the BTS as needed.



Bug#1015788: gpac: CVE-2022-2453 CVE-2022-2454

2022-07-21 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-2453[0]:
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c

CVE-2022-2454[1]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to
| 2.1-DEV.

https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2453
[1] https://security-tracker.debian.org/tracker/CVE-2022-2454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2454

Please adjust the affected versions in the BTS as needed.



Bug#1014999: libde265: CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21599 CVE-2020-21601 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606

2022-07-15 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2020-21594[0]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_epel_hv_fallback function, which can be exploited via a crafted
| file.

https://github.com/strukturag/libde265/issues/233

CVE-2020-21595[1]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_luma
| function, which can be exploited via a crafted file.

https://github.com/strukturag/libde265/issues/239

CVE-2020-21596[2]:
| libde265 v1.0.4 contains a global buffer overflow in the
| decode_CABAC_bit function, which can be exploited via a crafted
| file.

https://github.com/strukturag/libde265/issues/236

CVE-2020-21597[3]:
| libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
| function, which can be exploited via a crafted file.

https://github.com/strukturag/libde265/issues/238

CVE-2020-21599[4]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| de265_image::available_zscan function, which can be exploited via a
| crafted file.

https://github.com/strukturag/libde265/issues/235

CVE-2020-21601[5]:
| libde265 v1.0.4 contains a stack buffer overflow in the
| put_qpel_fallback function, which can be exploited via a crafted
| file.

https://github.com/strukturag/libde265/issues/241

CVE-2020-21603[6]:
| libde265 v1.0.4 contains a heap buffer overflow in the
| put_qpel_0_0_fallback_16 function, which can be exploited via a
| crafted file.

https://github.com/strukturag/libde265/issues/240

CVE-2020-21604[7]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| _mm_loadl_epi64 function, which can be exploited via a crafted file.

https://github.com/strukturag/libde265/issues/231

CVE-2020-21605[8]:
| libde265 v1.0.4 contains a segmentation fault in the
| apply_sao_internal function, which can be exploited via a crafted
| file.

https://github.com/strukturag/libde265/issues/234

CVE-2020-21606[9]:
| libde265 v1.0.4 contains a heap buffer overflow fault in the
| put_epel_16_fallback function, which can be exploited via a crafted
| file.

https://github.com/strukturag/libde265/issues/232

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21594
[1] https://security-tracker.debian.org/tracker/CVE-2020-21595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21595
[2] https://security-tracker.debian.org/tracker/CVE-2020-21596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21596
[3] https://security-tracker.debian.org/tracker/CVE-2020-21597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21597
[4] https://security-tracker.debian.org/tracker/CVE-2020-21599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21599
[5] https://security-tracker.debian.org/tracker/CVE-2020-21601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21601
[6] https://security-tracker.debian.org/tracker/CVE-2020-21603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21603
[7] https://security-tracker.debian.org/tracker/CVE-2020-21604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21604
[8] https://security-tracker.debian.org/tracker/CVE-2020-21605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21605
[9] https://security-tracker.debian.org/tracker/CVE-2020-21606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21606

Please adjust the affected versions in the BTS as needed.



Bug#1014977: libde265: CVE-2022-1253 CVE-2021-36411 CVE-2021-36410 CVE-2021-36408 CVE-2021-35452

2022-07-15 Thread Moritz Mühlenhoff
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-1253[0]:
| Heap-based Buffer Overflow in GitHub repository strukturag/libde265
| prior to and including 1.0.8. The fix is established in commit
| 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an
| official release.

https://huntr.dev/bounties/1-other-strukturag/libde265/
https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8

CVE-2021-36411[1]:
| An issue has been found in libde265 v1.0.8 due to incorrect access
| control. A SEGV caused by a READ memory access in function
| derive_boundaryStrength of deblock.cc has occurred. The vulnerability
| causes a segmentation fault and application crash, which leads to
| remote denial of service.

https://github.com/strukturag/libde265/issues/302
https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c

CVE-2021-36410[2]:
| A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-
| motion.cc in function put_epel_hv_fallback when running program
| dec265.

https://github.com/strukturag/libde265/issues/301
https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355


CVE-2021-36409:
https://github.com/strukturag/libde265/issues/300
https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c


CVE-2021-36408[3]:
| An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-
| free in intrapred.h when decoding file using dec265.

https://github.com/strukturag/libde265/issues/299
https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911

CVE-2021-35452[4]:
| An Incorrect Access Control vulnerability exists in libde265 v1.0.8
| due to a SEGV in slice.cc.

https://github.com/strukturag/libde265/issues/298
https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1253
[1] https://security-tracker.debian.org/tracker/CVE-2021-36411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36411
[2] https://security-tracker.debian.org/tracker/CVE-2021-36410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36410
[3] https://security-tracker.debian.org/tracker/CVE-2021-36408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36408
[4] https://security-tracker.debian.org/tracker/CVE-2021-35452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35452

Please adjust the affected versions in the BTS as needed.



Bug#1014783: faust: CVE-2021-41736 CVE-2021-41737

2022-07-11 Thread Moritz Mühlenhoff
Source: faust
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for faust.

CVE-2021-41736[0]:
| Faust v2.35.0 was discovered to contain a heap-buffer overflow in the
| function realPropagate() at propagate.cpp.

https://github.com/grame-cncm/faust/issues/653

CVE-2021-41737[1]:
No description was found (try on a search engine)

https://github.com/grame-cncm/faust/issues/653

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41736
[1] https://security-tracker.debian.org/tracker/CVE-2021-41737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41737

Please adjust the affected versions in the BTS as needed.



Bug#1014777: libgig: CVE-2021-32294

2022-07-11 Thread Moritz Mühlenhoff
Source: libgig
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libgig.

CVE-2021-32294[0]:
| An issue was discovered in libgig through 20200507. A heap-buffer-
| overflow exists in the function RIFF::List::GetSubList located in
| RIFF.cpp. It allows an attacker to cause code execution.

https://github.com/drbye78/libgig/issues/1

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32294

Please adjust the affected versions in the BTS as needed.



Bug#1014713: libsndfile: CVE-2021-4156

2022-07-10 Thread Moritz Mühlenhoff
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2021-4156[0]:
| An out-of-bounds read flaw was found in libsndfile's FLAC codec
| functionality. An attacker who is able to submit a specially crafted
| file (via tricking a user to open or otherwise) to an application
| linked with libsndfile and using the FLAC codec, could trigger an out-
| of-bounds read that would most likely cause a crash but could
| potentially leak memory information that could be used in further
| exploitation of other flaws.

https://github.com/libsndfile/libsndfile/issues/731
https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc
 (1.1.0beta1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-4156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156

Please adjust the affected versions in the BTS as needed.



Bug#1014125: libheif: CVE-2020-23109

2022-06-30 Thread Moritz Mühlenhoff
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libheif.

CVE-2020-23109[0]:
| Buffer overflow vulnerability in function convert_colorspace in
| heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a
| denial of service and disclose sensitive information, via a crafted
| HEIF file.

https://github.com/strukturag/libheif/issues/207

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-23109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23109

Please adjust the affected versions in the BTS as needed.



Bug#1012516: sox: CVE-2022-31650 CVE-2022-31651

2022-06-08 Thread Moritz Mühlenhoff
Source: sox
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for sox.

CVE-2022-31650[0]:
| In SoX 14.4.2, there is a floating-point exception in
| lsx_aiffstartwrite in aiff.c in libsox.a.

CVE-2022-31651[1]:
| In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in
| libsox.a.

https://sourceforge.net/p/sox/bugs/360/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650
[1] https://security-tracker.debian.org/tracker/CVE-2022-31651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651

Please adjust the affected versions in the BTS as needed.



Bug#991496: libsndfile: CVE-2021-3246

2021-07-25 Thread Moritz Mühlenhoff
Source: libsndfile
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libsndfile.

CVE-2021-3246[0]:
| A heap buffer overflow vulnerability in msadpcm_decode_block of
| libsndfile 1.0.30 allows attackers to execute arbitrary code via a
| crafted WAV file.

https://github.com/libsndfile/libsndfile/issues/687

Patch is here:
https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246

Please adjust the affected versions in the BTS as needed.



Bug#936883: libkate: Python2 removal in sid/bullseye

2019-10-28 Thread Moritz Mühlenhoff
On Tue, Sep 03, 2019 at 06:50:02AM -0400, Scott Kitterman wrote:
> On Fri, 30 Aug 2019 07:23:42 + Matthias Klose  wrote:
> > Package: src:libkate
> > Version: 0.4.1-9
> > Severity: normal
> > Tags: sid bullseye
> > User: debian-pyt...@lists.debian.org
> > Usertags: py2removal
> > 
> > Python2 becomes end-of-life upstream, and Debian aims to remove
> > Python2 from the distribution, as discussed in
> > https://lists.debian.org/debian-python/2019/07/msg00080.html
> > 
> > Your package either build-depends, depends on Python2, or uses Python2
> > in the autopkg tests.  Please stop using Python2, and fix this issue
> > by one of the following actions.
> ...
> 
> This looks pretty dead upstream.  Any reason not to go ahead and remove this?

Python (and pythoncard) are only needed by the libkate-tools binary package,
the rest can be kept.

Cheers,
Moritz



Bug#875038: [lmms] Future Qt4 removal from Buster

2019-08-25 Thread Moritz Mühlenhoff
On Sun, Oct 14, 2018 at 03:16:27AM +0200, Javier Serrano Polo wrote:
> On Fri, 23 Mar 2018 18:23:51 +0800 Boyuan Yang <073p...@gmail.com>
> wrote:
> > lmms 1.2.0 is on its way.
> 
> I will not package a candidate version unless this bug becomes serious.
> Efforts should be directed in helping upstream to release a stable
> version.

This has now been bumped to serious last week. What's the plan here,
ship an interim version supporting Qt5 or remove lmms and re-introduce
it to Debian once a stable 2.0 release is out?

Cheers,
Moritz



Bug#917292: ffmpeg: linking with libcrystalhd3 seem of no use at all

2019-08-08 Thread Moritz Mühlenhoff
On Sat, Jul 27, 2019 at 03:27:34PM -0300, Jonas Smedegaard wrote:
> Quoting James Cowgill (2019-07-27 12:48:23)
> > Hi,
> > 
> > On 27/07/2019 15:52, Jonas Smedegaard wrote:
> > > Quoting James Cowgill (2019-07-27 11:12:00)
> > >> Hi,
> > >>
> > >>> ffmpeg currently links with libcrystalhd3.
> > >>>
> > >>> It seems, however, that libcrystalhd3 is only really useful 
> > >>> together with firmware-crystalhd, which was never really usable in 
> > >>> Debian, leading to that package being dropped: 
> > >>> https://bugs.debian.org/865978
> > >>>
> > >>> If someone wants to revive CrystalHD in Debian, it seems a good 
> > >>> place to start is 
> > >>> https://www.mythtv.org/wiki/Broadcom_Crystal_HD#Feb._2014_Update
> > >>>
> > >>> I suggest to simply stop linking with libcrystalhd3 until 
> > >>> firmware-crystalhd reappears in Debian.
> > >>
> > >> I've disabled crystalhd.
> [...]
> > Should we completely remove libcrystalhd3 from the archive as well in 
> > that case (given what you wrote above)?
> 
> Yes, unless anyone steps up and points out an actual working use-case of 
> the library, we should (have all its reverse dependencies stop linking 
> against it and) remove it from Debian altogether.

Can you please file an RC bug against libcrystalhd3 so that we have that
on record in the BTS?

Cheers,
Moritz



Bug#926666: CVE-2019-9718 CVE-2019-9721

2019-04-20 Thread Moritz Mühlenhoff
On Mon, Apr 08, 2019 at 08:31:43PM +0200, Moritz Muehlenhoff wrote:
> Package: ffmpeg
> Version: 7:4.1.1-1
> Severity: important
> Tags: security
> 
> https://security-tracker.debian.org/tracker/CVE-2019-9718
> https://security-tracker.debian.org/tracker/CVE-2019-9721
> 
> Both are fixed in the 4.1.3 release, which also fixes a number of
> additional issues without a CVE ID.

Also these were assigned and are fixed in 4.1.3:
https://security-tracker.debian.org/tracker/CVE-2019-11338
https://security-tracker.debian.org/tracker/CVE-2019-11339

Cheers,
Moritz

 



Re: gpac_0.7.1+dfsg1-1_amd64.changes is NEW

2019-04-04 Thread Moritz Mühlenhoff
On Tue, Apr 02, 2019 at 10:40:44PM -0400, Reinhard Tartler wrote:
> Ah, that's great news. I didn't realize that Moritz backported the
> security fixes to an earlier upstream version. I managed to locate the
> git commits but wasn't comfortable with backporting them to version 0.5.2,
> not all of them applied cleanly and I lacked the confidence to resolve
> the conflicts.
> 
> Thanks Moritz for taking care of this!

Yeah, I sent a mail to debian-multimedia@ldo about this, but seems to have
fallen through the cracks:
https://lists.debian.org/debian-multimedia/2019/03/msg00081.html

BTW, I also prepared an MR on salsa for the remaining open security issues
in src:audiofile, it would be great if anyone in the debian multimedia
team could merge and upload:
https://salsa.debian.org/multimedia-team/audiofile/merge_requests/1

> > As for gpac/0.7.1+dfsg1-1, I cannot find a debdiff for it on the mailing
> > list nor the BTS.  Therefore, I have no clue whether it is suitable for
> > buster.
> 
> The debdiff is unreasonably large (several MiB), there are a *lot* of
> unrelated upstream changes included.
> 
> I'll spare you to review it.
> 
> Given we do have those RC bugs fixed with more targeted patches, I
> no longer see the urgency to get 0.7.1 into unstable. Would you agree
> with having 0.7.1 in experimental instead? If so, I'd upload it as
> 0.7.1-2 to experimental.

experimental should be fine, as it's totally to the freeze process.

Cheers,
Moritz



gpac: CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763

2019-03-12 Thread Moritz Mühlenhoff
On Sun, Feb 10, 2019 at 07:48:12PM +0100, Moritz Muehlenhoff wrote:
> Source: gpac
> Severity: grave
> Tags: security

There's a 0.7.1 in NEW, but that won't be in time for buster, could you
please upload a targeted fix for the open issues for 0.5?

https://security-tracker.debian.org/tracker/source-package/gpac has
links to all the fixes.

(I've prepared a stable-proposed-update for gpac, but getting it fixed
first in sid is a requirement for spu).

Cheers,
Moritz



Bug#919529: CVE-2019-6256

2019-01-17 Thread Moritz Mühlenhoff
On Thu, Jan 17, 2019 at 12:00:13AM +0100, Sebastian Ramacher wrote:
> Control: found -1 2016.11.28-1
> 
> On 2019-01-16 23:19:45, Moritz Muehlenhoff wrote:
> > Source: liblivemedia
> > Severity: grave
> > Tags: security
> > 
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6256
> > 
> > Cheers,
> > Moritz
> 
> Not sure if I'm missing something, but the PoC does not seem to work on
> buster/sid.

Quite possible, I hadn't reproduced it myself yet and upstream homepage
wasn't that obvious wrt existing fixes.

Cheers,
Moritz



Bug#911584: libopenmpt: out of bounds memory read in MED files

2018-10-26 Thread Moritz Mühlenhoff
On Mon, Oct 22, 2018 at 09:44:27AM +0100, James Cowgill wrote:
> Source: libopenmpt
> Version: 0.2.7025~beta20.1-1
> Severity: important
> Tags: security upstream fixed-upstream
> 
> Hi,
> 
> Upstream 0.3.13 released a fix for an out of bound read in malformed MED
> files. It affects stretch.

Doesn't warrant a DSA, but we can fix it along if there's a more severe
issue in the future (or via point release)

Cheers,
Moritz