Bug#1060409: gpac: CVE-2024-0321 CVE-2024-0322

2024-01-10 Thread Moritz Mühlenhoff
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a

CVE-2024-0322[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0321
https://www.cve.org/CVERecord?id=CVE-2024-0321
[1] https://security-tracker.debian.org/tracker/CVE-2024-0322
https://www.cve.org/CVERecord?id=CVE-2024-0322

Please adjust the affected versions in the BTS as needed.



Processed: tagging 1060407, found 1060407 in 3.3.116-1, tagging 1060408, found 1060408 in 2023.11-2 ...

2024-01-10 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1060407 + upstream
Bug #1060407 [src:gtkwave] Multiple security issues
Added tag(s) upstream.
> found 1060407 3.3.116-1
Bug #1060407 [src:gtkwave] Multiple security issues
Ignoring request to alter found versions of bug #1060407 to the same values previously set
> tags 1060408 + upstream
Bug #1060408 [src:edk2] edk2: CVE-2022-36763 CVE-2022-36764 CVE-2022-36765
Added tag(s) upstream.
> found 1060408 2023.11-2
Bug #1060408 [src:edk2] edk2: CVE-2022-36763 CVE-2022-36764 CVE-2022-36765
Marked as found in versions edk2/2023.11-2.
> tags 1060409 + upstream
Bug #1060409 [src:gpac] gpac: CVE-2024-0321 CVE-2024-0322
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1060407: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060407
1060408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408
1060409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processing of django-organizations_2.3.1-1_source.changes

2024-01-10 Thread Debian FTP Masters
django-organizations_2.3.1-1_source.changes uploaded successfully to localhost
along with the files:
  django-organizations_2.3.1-1.dsc
  django-organizations_2.3.1.orig.tar.gz
  django-organizations_2.3.1-1.debian.tar.xz
  django-organizations_2.3.1-1_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



django-organizations_2.3.1-1_source.changes ACCEPTED into unstable

2024-01-10 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jan 2024 14:36:31 -0500
Source: django-organizations
Architecture: source
Version: 2.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Scott Kitterman 
Closes: 1044258
Changes:
 django-organizations (2.3.1-1) unstable; urgency=medium
 .
   * Orphan the package, see #1060406
     - Remove myself from uploaders and update maintainer to Debian QA Group
     - Update Vcs-* to Debian group
   * Add d/source/options extend-diff-ignore to fix dpkg-source failure due to
     local changes (python package metadata regeneration) (Closes: #1044258)
   * Bump standards-version to 4.6.2 without further change
   * New upstream release

-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-



glogic is marked for autoremoval from testing

2024-01-10 Thread Debian testing autoremoval watch
glogic 2.6-6 is marked for autoremoval from testing on 2024-01-11

It is affected by these RC bugs:
1058575: glogic: Fails to start due AttributeError
 https://bugs.debian.org/1058575



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl



powerline-taskwarrior is marked for autoremoval from testing

2024-01-10 Thread Debian testing autoremoval watch
powerline-taskwarrior 0.7.2-2 is marked for autoremoval from testing on 2024-01-25

It (build-)depends on packages with these RC bugs:
1058256: powerline: FTBFS: ModuleNotFoundError: No module named 'imp'
 https://bugs.debian.org/1058256


