Processed: bug 1077212 is forwarded to https://gitlab.com/ddcci-driver-linux/ddcci-driver-linux/-/issues/44

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1077212 
> https://gitlab.com/ddcci-driver-linux/ddcci-driver-linux/-/issues/44
Bug #1077212 [ddcci-dkms] ddcci-dkms: module fails to build for Linux 6.10
Set Bug forwarded-to-address to 
'https://gitlab.com/ddcci-driver-linux/ddcci-driver-linux/-/issues/44'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1077212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077212
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1034890: marked as done (gpac: CVE-2023-0841)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1034890,
regarding gpac: CVE-2023-0841
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034890: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034890
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for gpac.

CVE-2023-0841[0]:
| A vulnerability, which was classified as critical, has been found in
| GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function
| mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation
| leads to heap-based buffer overflow. The attack may be initiated
| remotely. The exploit has been disclosed to the public and may be
| used. The associated identifier of this vulnerability is VDB-221087.

Only reference here is the following, doesn't seem to have been forwarded:
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0841
https://www.cve.org/CVERecord?id=CVE-2023-0841

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1034732: marked as done (Keep out of testing)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1034732,
regarding Keep out of testing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpac
Version: 2.0.0+dfsg1-2+b1
Severity: serious

In some discussion between Reinhard, Sebastian and the Security team we've come 
to the
conclusion that gpac isn't suitable to be included in a stable release. The 
massive
influx of security issues makes that untenable (and there's no suitable LTS 
branch
we could use, which e.g. makes ffmpeg manageable).

Sebastian has already updated x264 to no longer depend on it, when x264
2:0.164.3095+gitbaee400-3 has reached testing, gpac can be dropped. The only
other rdep in ccextractor, which is already out of testing due to a lack of
support for ffmpeg 5.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1036701: marked as done (gpac: CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1036701,
regarding gpac: CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036701
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-2837[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

CVE-2023-2838[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba

CVE-2023-2839[2]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac

CVE-2023-2840[3]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2837
https://www.cve.org/CVERecord?id=CVE-2023-2837
[1] https://security-tracker.debian.org/tracker/CVE-2023-2838
https://www.cve.org/CVERecord?id=CVE-2023-2838
[2] https://security-tracker.debian.org/tracker/CVE-2023-2839
https://www.cve.org/CVERecord?id=CVE-2023-2839
[3] https://security-tracker.debian.org/tracker/CVE-2023-2840
https://www.cve.org/CVERecord?id=CVE-2023-2840

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1051740: marked as done (gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1051740,
regarding gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 
CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 
CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-4755 CVE-2023-4756 
CVE-2023-4758 CVE-2023-4778
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7

CVE-2023-3013[1]:
| Unchecked Return Value in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594

CVE-2023-3291[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf

CVE-2023-39562[3]:
| GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a
| heap-use-after-free via the gf_bs_align function at bitstream.c.
| This vulnerability allows attackers to cause a Denial of Service
| (DoS) via supplying a crafted file.

https://github.com/gpac/gpac/issues/2537
https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6

CVE-2023-4678[4]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877

CVE-2023-4681[5]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e

CVE-2023-4682[6]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c

CVE-2023-4683[7]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922

CVE-2023-4720[8]:
| Floating Point Comparison with Incorrect Operator in GitHub
| repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad

CVE-2023-4721[9]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc

CVE-2023-4722[10]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior
| to 2.3-DEV.

https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830

CVE-2023-4754[11]:
| Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c

CVE-2023-4755[12]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3

CVE-2023-4756[13]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05

CVE-2023-4758[14]:
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6

CVE-2023-4778[15]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.dev/bounties/abb450fb-4ab2-

Bug#1041421: marked as done (gpac: CVE-2023-3523 CVE-2023-37174 CVE-2023-37765 CVE-2023-37766 CVE-2023-37767)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1041421,
regarding gpac: CVE-2023-3523 CVE-2023-37174 CVE-2023-37765 CVE-2023-37766 
CVE-2023-37767
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041421
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-3523[0]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96
 

CVE-2023-37174[1]:
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a
| segmentation violation in the dump_isom_scene function at
| /mp4box/filedump.c.

https://github.com/gpac/gpac/issues/2505
https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
  

CVE-2023-37765[2]:
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a
| segmentation violation in the gf_dump_vrml_sffield function at
| /lib/libgpac.so.

https://github.com/gpac/gpac/issues/2515
https://github.com/gpac/gpac/commit/36e1b9900ff638576cb88636bbbe2116ed06dfdc


CVE-2023-37766[3]:
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a
| segmentation violation in the gf_isom_remove_user_data function at
| /lib/libgpac.so.

https://github.com/gpac/gpac/issues/2516
https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c


CVE-2023-37767[4]:
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a
| segmentation violation in the BM_ParseIndexValueReplace function at
| /lib/libgpac.so.

https://github.com/gpac/gpac/issues/2514
https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3523
https://www.cve.org/CVERecord?id=CVE-2023-3523
[1] https://security-tracker.debian.org/tracker/CVE-2023-37174
https://www.cve.org/CVERecord?id=CVE-2023-37174
[2] https://security-tracker.debian.org/tracker/CVE-2023-37765
https://www.cve.org/CVERecord?id=CVE-2023-37765
[3] https://security-tracker.debian.org/tracker/CVE-2023-37766
https://www.cve.org/CVERecord?id=CVE-2023-37766
[4] https://security-tracker.debian.org/tracker/CVE-2023-37767
https://www.cve.org/CVERecord?id=CVE-2023-37767

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1051866: marked as done (gpac: CVE-2023-0770 CVE-2023-0760 CVE-2023-0358 CVE-2023-23145 CVE-2023-23144 CVE-2023-23143 CVE-2022-4202 CVE-2022-45343 CVE-2022-45283 CVE-2022-45202 CVE-2022-43045 CVE

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1051866,
regarding gpac: CVE-2023-0770 CVE-2023-0760 CVE-2023-0358 CVE-2023-23145 
CVE-2023-23144 CVE-2023-23143 CVE-2022-4202 CVE-2022-45343 CVE-2022-45283 
CVE-2022-45202  CVE-2022-43045 CVE-2022-43044 CVE-2022-43043 CVE-2022-43042 
CVE-2022-43040 CVE-2022-43039 CVE-2022-3222
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi

Some of the CVEs in #1033116 seems to not have been addressed (and in
part were addressed in a DSA already). Here a fresh bug for the
remaining ones.

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-0770[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.


CVE-2023-0760[1]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| V2.1.0-DEV.


CVE-2023-0358[2]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.


CVE-2023-23145[3]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.


CVE-2023-23144[4]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere
| file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.


CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-
| rev1-g4669ba229-master.


CVE-2022-4202[6]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply
| a patch to fix this issue. VDB-214518 is the identifier assigned to
| this vulnerability.


CVE-2022-45343[7]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.


CVE-2022-45283[8]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.


CVE-2022-45202[9]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.


CVE-2022-43045[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.


CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info
| at /isomedia/meta.c.


CVE-2022-43043[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.


CVE-2022-43042[13]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.


CVE-2022-43040[14]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.


CVE-2022-43039[15]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function
| gf_isom_meta_restore_items_ref at /isomedia/meta.c.


CVE-2022-3222[16]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0770
https://www.cve.org/CVERecord?id=CVE-2023-0770
[1] https://security-tracker.debian.org/tracker/CVE-2023-0760
https://www.cve.org/CVERecord?id=CVE-2023-0760
[2] https://security-tracker.debian.org/tracker/CVE-2023-0358
https://www.cve.org/CVERecord?id=CVE-2023-0358
[3] https://security-tracker.debian.org/tracker/CVE-2023-23145
https://www.cve.org/CVERecord?id=CVE

Bug#1053878: marked as done (gpac: CVE-2023-42298 CVE-2023-5520)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1053878,
regarding gpac: CVE-2023-42298 CVE-2023-5520
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1053878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-42298[0]:
| An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to
| cause a denial of service via the Q_DecCoordOnUnitSphere function of
| file src/bifs/unquantize.c.

https://github.com/gpac/gpac/issues/2567
https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06

CVE-2023-5520[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-42298
https://www.cve.org/CVERecord?id=CVE-2023-42298
[1] https://security-tracker.debian.org/tracker/CVE-2023-5520
https://www.cve.org/CVERecord?id=CVE-2023-5520

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1051955: marked as done (gpac: CVE-2023-41000)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1051955,
regarding gpac: CVE-2023-41000
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051955
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-41000[0]:
| GPAC through 2.2.1 has a use-after-free vulnerability in the
| function gf_bifs_flush_command_list in bifs/memory_decoder.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41000
https://www.cve.org/CVERecord?id=CVE-2023-41000
[1] https://github.com/gpac/gpac/issues/2550
[2] https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1055125: marked as done (gpac: CVE-2023-5595)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1055125,
regarding gpac: CVE-2023-5595
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055125
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2633
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-5595[0]:
| Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5595
https://www.cve.org/CVERecord?id=CVE-2023-5595
[1] https://github.com/gpac/gpac/issues/2633

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1055124: marked as done (gpac: CVE-2023-5586)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1055124,
regarding gpac: CVE-2023-5586
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2632
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-5586[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5586
https://www.cve.org/CVERecord?id=CVE-2023-5586
[1] https://github.com/gpac/gpac/issues/2632

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1055122: marked as done (gpac: CVE-2023-5377)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1055122,
regarding gpac: CVE-2023-5377
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055122
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2606
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-5377[0]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to
| v2.2.2-DEV.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5377
https://www.cve.org/CVERecord?id=CVE-2023-5377
[1] https://github.com/gpac/gpac/issues/2606

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1055298: marked as done (gpac: CVE-2023-46927 CVE-2023-46928 CVE-2023-46930 CVE-2023-46931)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1055298,
regarding gpac: CVE-2023-46927 CVE-2023-46928 CVE-2023-46930 CVE-2023-46931
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055298: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-46927[0]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in gf_isom_use_compact_size
| gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2657
https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817

CVE-2023-46928[1]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_media_change_pl
| /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

https://github.com/gpac/gpac/issues/2661
https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1

CVE-2023-46930[2]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_isom_find_od_id_for_track
| /afltest/gpac/src/isomedia/media_odf.c:522:14.

https://github.com/gpac/gpac/issues/2666
https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8

CVE-2023-46931[3]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in ffdmx_parse_side_data
| /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2664
https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46927
https://www.cve.org/CVERecord?id=CVE-2023-46927
[1] https://security-tracker.debian.org/tracker/CVE-2023-46928
https://www.cve.org/CVERecord?id=CVE-2023-46928
[2] https://security-tracker.debian.org/tracker/CVE-2023-46930
https://www.cve.org/CVERecord?id=CVE-2023-46930
[3] https://security-tracker.debian.org/tracker/CVE-2023-46931
https://www.cve.org/CVERecord?id=CVE-2023-46931

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1056282: marked as done (gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1056282,
regarding gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 
CVE-2023-5998 CVE-2023-46001
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1056282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056282
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-47384[0]:
| MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
| contain a memory leak in the function gf_isom_add_chapter at
| /isomedia/isom_write.c. This vulnerability allows attackers to cause
| a Denial of Service (DoS) via a crafted MP4 file.

https://github.com/gpac/gpac/issues/2672

CVE-2023-4785[1]:
| Lack of error handling in the TCP server in Google's gRPC starting
| version 1.23 on posix-compatible platforms (ex. Linux) allows an
| attacker to cause a denial of service by initiating a significant
| number of connections with the server. Note that gRPC C++ Python,
| and Ruby are affected, but gRPC Java, and Go are NOT affected.

https://github.com/grpc/grpc/pull/33656
https://github.com/grpc/grpc/pull/33667
https://github.com/grpc/grpc/pull/33669
https://github.com/grpc/grpc/pull/33670
https://github.com/grpc/grpc/pull/33672

CVE-2023-48011[2]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| heap-use-after-free via the flush_ref_samples function at
| /gpac/src/isomedia/movie_fragments.c.

https://github.com/gpac/gpac/issues/2611
https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea

CVE-2023-48013[3]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| double free via the gf_filterpacket_del function at
| /gpac/src/filter_core/filter.c.

https://github.com/gpac/gpac/issues/2612
https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893

CVE-2023-48014[4]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| stack overflow via the hevc_parse_vps_extension function at
| /media_tools/av_parsers.c.

https://github.com/gpac/gpac/issues/2613
https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b

CVE-2023-5998[5]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e

CVE-2023-46001[6]:
| Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-
| rev573-g201320819-master allows a local attacker to cause a denial
| of service via the gpac/src/isomedia/isom_read.c:2807:51 function in
| gf_isom_get_user_data.

https://github.com/gpac/gpac/issues/2629
https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47384
https://www.cve.org/CVERecord?id=CVE-2023-47384
[1] https://security-tracker.debian.org/tracker/CVE-2023-4785
https://www.cve.org/CVERecord?id=CVE-2023-4785
[2] https://security-tracker.debian.org/tracker/CVE-2023-48011
https://www.cve.org/CVERecord?id=CVE-2023-48011
[3] https://security-tracker.debian.org/tracker/CVE-2023-48013
https://www.cve.org/CVERecord?id=CVE-2023-48013
[4] https://security-tracker.debian.org/tracker/CVE-2023-48014
https://www.cve.org/CVERecord?id=CVE-2023-48014
[5] https://security-tracker.debian.org/tracker/CVE-2023-5998
https://www.cve.org/CVERecord?id=CVE-2023-5998
[6] https://security-tracker.debian.org/tracker/CVE-2023-46001
https://www.cve.org/CVERecord?id=CVE-2023-46001

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the n

Bug#1059056: marked as done (gpac: CVE-2023-48958 CVE-2023-46871 CVE-2023-46932 CVE-2023-47465 CVE-2023-48039 CVE-2023-48090)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1059056,
regarding gpac: CVE-2023-48958 CVE-2023-46871 CVE-2023-46932 CVE-2023-47465 
CVE-2023-48039 CVE-2023-48090
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1059056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-48958[0]:
| gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in
| gf_mpd_resolve_url media_tools/mpd.c:4589.

https://github.com/gpac/gpac/issues/2689
Fixed by: 
https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4

CVE-2023-46871[1]:
| GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a
| memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This
| vulnerability may lead to a denial of service.

https://github.com/gpac/gpac/issues/2658
Fixed by: 
https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c

CVE-2023-46932[2]:
| Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-
| rev617-g671976fcc-master, allows attackers to execute arbitrary code
| and cause a denial of service (DoS) via str2ulong class in
| src/media_tools/avilib.c in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2669
https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b

CVE-2023-47465[3]:
| An issue in GPAC v.2.2.1 and before allows a local attacker to cause
| a denial of service (DoS) via the ctts_box_read function of file
| src/isomedia/box_code_base.c.

https://github.com/gpac/gpac/issues/2652
https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521

CVE-2023-48039[4]:
| GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak
| in gf_mpd_parse_string media_tools/mpd.c:75.

https://github.com/gpac/gpac/issues/2679

CVE-2023-48090[5]:
| GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks
| in extract_attributes media_tools/m3u8.c:329.

https://github.com/gpac/gpac/issues/2680

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48958
https://www.cve.org/CVERecord?id=CVE-2023-48958
[1] https://security-tracker.debian.org/tracker/CVE-2023-46871
https://www.cve.org/CVERecord?id=CVE-2023-46871
[2] https://security-tracker.debian.org/tracker/CVE-2023-46932
https://www.cve.org/CVERecord?id=CVE-2023-46932
[3] https://security-tracker.debian.org/tracker/CVE-2023-47465
https://www.cve.org/CVERecord?id=CVE-2023-47465
[4] https://security-tracker.debian.org/tracker/CVE-2023-48039
https://www.cve.org/CVERecord?id=CVE-2023-48039
[5] https://security-tracker.debian.org/tracker/CVE-2023-48090
https://www.cve.org/CVERecord?id=CVE-2023-48090

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1060696: marked as done (gpac: CVE-2023-50120)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1060696,
regarding gpac: CVE-2023-50120
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1060696: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060696
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for gpac.

CVE-2023-50120[0]:
| MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered
| to contain an infinite loop in the function av1_uvlc at
| media_tools/av_parsers.c. This vulnerability allows attackers to
| cause a Denial of Service (DoS) via a crafted MP4 file.

https://github.com/gpac/gpac/issues/2698
https://github.com/gpac/gpac/commit/b655955b840ccd7c7198bb15375aa510e76208eb

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50120
https://www.cve.org/CVERecord?id=CVE-2023-50120

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1060043: marked as done (gpac: CVE-2023-46929)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1060043,
regarding gpac: CVE-2023-46929
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1060043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060043
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2662
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-46929[0]:
| An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in
| MP4Box in gf_avc_change_vui
| /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers
| to crash the application.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46929
https://www.cve.org/CVERecord?id=CVE-2023-46929
[1] https://github.com/gpac/gpac/issues/2662
[2] https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1060409: marked as done (gpac: CVE-2024-0321 CVE-2024-0322)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1060409,
regarding gpac: CVE-2024-0321 CVE-2024-0322
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1060409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a

CVE-2024-0322[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0321
https://www.cve.org/CVERecord?id=CVE-2024-0321
[1] https://security-tracker.debian.org/tracker/CVE-2024-0322
https://www.cve.org/CVERecord?id=CVE-2024-0322

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1065861: marked as done (gpac: CVE-2024-22749)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1065861,
regarding gpac: CVE-2024-22749
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1065861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2713
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2024-22749[0]:
| GPAC v2.3 was detected to contain a buffer overflow via the function
| gf_isom_new_generic_sample_description function in the
| isomedia/isom_write.c:4577


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-22749
https://www.cve.org/CVERecord?id=CVE-2024-22749
[1] https://github.com/gpac/gpac/issues/2713
[2] https://github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1068462: marked as done (gpac: CVE-2024-28318 CVE-2024-28319 CVE-2023-46426 CVE-2023-46427 CVE-2024-24265 CVE-2024-24266 CVE-2024-24267)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1068462,
regarding gpac: CVE-2024-28318 CVE-2024-28319 CVE-2023-46426 CVE-2023-46427 
CVE-2024-24265 CVE-2024-24266 CVE-2024-24267
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068462
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a
| out of boundary write vulnerability via swf_get_string at
| scene_manager/swf_parse.c:325

https://github.com/gpac/gpac/issues/2764
https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716

CVE-2024-28319[1]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary read vulnerability via gf_dash_setup_period
| media_tools/dash_client.c:6374

https://github.com/gpac/gpac/issues/2763
https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e

CVE-2023-46426[2]:
| Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-
| rev588-g7edc40fee-master, allows remote attackers to execute
| arbitrary code and cause a denial of service (DoS) via gf_fwrite
| component in at utils/os_file.c.

https://github.com/gpac/gpac/issues/2642
https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341

CVE-2023-46427[3]:
| An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-
| master, allows remote attackers to execute arbitrary code, cause a
| denial of service (DoS), and obtain sensitive information via null
| pointer deference in gf_dash_setup_period component in
| media_tools/dash_client.c.

https://github.com/gpac/gpac/issues/2641
https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a

CVE-2024-24265[4]:
| gpac v2.2.1 was discovered to contain a memory leak via the
| dst_props variable in the gf_filter_pid_merge_properties_internal
| function.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md

CVE-2024-24266[5]:
| gpac v2.2.1 was discovered to contain a Use-After-Free (UAF)
| vulnerability via the dasher_configure_pid function at
| /src/filters/dasher.c.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md

CVE-2024-24267[6]:
| gpac v2.2.1 was discovered to contain a memory leak via the
| gfio_blob variable in the gf_fileio_from_blob function.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28318
https://www.cve.org/CVERecord?id=CVE-2024-28318
[1] https://security-tracker.debian.org/tracker/CVE-2024-28319
https://www.cve.org/CVERecord?id=CVE-2024-28319
[2] https://security-tracker.debian.org/tracker/CVE-2023-46426
https://www.cve.org/CVERecord?id=CVE-2023-46426
[3] https://security-tracker.debian.org/tracker/CVE-2023-46427
https://www.cve.org/CVERecord?id=CVE-2023-46427
[4] https://security-tracker.debian.org/tracker/CVE-2024-24265
https://www.cve.org/CVERecord?id=CVE-2024-24265
[5] https://security-tracker.debian.org/tracker/CVE-2024-24266
https://www.cve.org/CVERecord?id=CVE-2024-24266
[6] https://security-tracker.debian.org/tracker/CVE-2024-24267
https://www.cve.org/CVERecord?id=CVE-2024-24267

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (t

Bug#1072419: marked as done (gpac: FTBFS with ffmpeg 7.0: filters/ff_common.c:777:14: error: ‘AV_OPT_TYPE_CHANNEL_LAYOUT’ undeclared (first use in this function); did you mean ‘AV_OPT_TYPE_CHLAYOUT’?)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1072419,
regarding gpac: FTBFS with ffmpeg 7.0: filters/ff_common.c:777:14: error: 
‘AV_OPT_TYPE_CHANNEL_LAYOUT’ undeclared (first use in this function); did you 
mean ‘AV_OPT_TYPE_CHLAYOUT’?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1072419: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072419
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 2.2.1+dfsg1-3.1
Severity: important
Tags: trixie sid ftbfs
Usertags: ffmpeg-7.0

Hi,

during a rebuild of the reverse dependencies for the transition to
ffmpeg 7.0, your package failed to build


Relevant part (hopefully):
> gcc -I"/<>/include"  -O2  -Wall -fPIC -DPIC -I/usr/include/mozjs 
> -DXP_UNIX -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 
> -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
> -fstack-protector-strong -fstack-clash-protection -Wformat 
> -Werror=format-security -mbranch-protection=standard -Wall 
> -fno-strict-aliasing -Wno-pointer-sign -fPIC -DPIC -std=gnu99 -Wno-deprecated 
> -Wno-deprecated-declarations -Wno-int-in-bool-context -DGPAC_HAVE_CONFIG_H 
> -I"/<>" -fvisibility="hidden" -g   
> -I/usr/include/aarch64-linux-gnu -c -o filters/ff_avf.o filters/ff_avf.c
> filters/ff_common.c: In function ‘ffmpeg_arg_translate’:
> filters/ff_common.c:777:14: error: ‘AV_OPT_TYPE_CHANNEL_LAYOUT’ undeclared 
> (first use in this function); did you mean ‘AV_OPT_TYPE_CHLAYOUT’?
>   777 | case AV_OPT_TYPE_CHANNEL_LAYOUT:
>   |  ^~
>   |  AV_OPT_TYPE_CHLAYOUT
> filters/ff_common.c:777:14: note: each undeclared identifier is reported only 
> once for each function it appears in
> filters/ff_common.c: In function ‘ffmpeg_codec_par_from_gpac’:
> filters/ff_common.c:2051:32: error: ‘AVCodecParameters’ has no member named 
> ‘channels’
>  2051 | if (p) codecpar->channels = p->value.uint;
>   |^~
> filters/ff_common.c:2065:34: error: ‘AVCodecParameters’ has no member named 
> ‘channels’
>  2065 | else if (codecpar->channels==2)
>   |  ^~
> filters/ff_avf.c: In function ‘ffavf_process’:
> filters/ff_avf.c:575:45: error: ‘AVFrame’ has no member named 
> ‘channel_layout’; did you mean ‘ch_layout’?
>   575 | ctx->frame->channel_layout = 
> ipid->ch_layout;
>   | ^~
>   | ch_layout
> filters/ff_avf.c:576:43: error: ‘AVFrame’ has no member named ‘channels’
>   576 | ctx->frame->channels = ipid->nb_ch;
>   |   ^~
> filters/ff_common.c:2067:27: error: ‘AVCodecParameters’ has no member named 
> ‘channel_layout’; did you mean ‘ch_layout’?
>  2067 | codecpar->channel_layout = 
> ffmpeg_channel_layout_from_gpac(ch_layout);
>   |   ^~
>   |   ch_layout
> filters/ff_avf.c:720:41: error: ‘AVFrame’ has no member named 
> ‘channel_layout’; did you mean ‘ch_layout’?
>   720 | else if 
> (frame->channel_layout!=opid->ch_layout) {}
>   | ^~
>   | ch_layout
> filters/ff_avf.c:721:39: error: ‘AVFrame’ has no member named ‘channels’
>   721 | else if (frame->channels != opid->nb_ch) {}
>   |   ^~
> filters/ff_avf.c:727:91: error: ‘AVFrame’ has no member named 
> ‘channel_layout’; did you mean ‘ch_layout’?
>   727 | u64 gpac_ch_layout = 
> ffmpeg_channel_layout_to_gpac(frame->channel_layout);
>   |   
> ^~
>   |   
> ch_layout
> In file included from filters/ff_common.h:27,
>  from filters/ff_avf.c:30:
> filters/ff_avf.c:730:116: error: ‘AVFrame’ has no member named ‘channels’
>   730 | 
> gf_filter_pid_set_property(opid->io_pid, GF_PROP_PID_NUM_CHANNELS, 
> &PROP_UINT(frame->channels));
>   |   

Bug#1074414: marked as done (gpac: CVE-2024-6061 CVE-2024-6062 CVE-2024-6063 CVE-2024-6064)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #1074414,
regarding gpac: CVE-2024-6061 CVE-2024-6062 CVE-2024-6063 CVE-2024-6064
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074414
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-6061[0]:
| A vulnerability has been found in GPAC 2.5-DEV-
| rev228-g11067ea92-master and classified as problematic. Affected by
| this vulnerability is the function isoffin_process of the file
| src/filters/isoffin_read.c of the component MP4Box. The manipulation
| leads to infinite loop. It is possible to launch the attack on the
| local host. The exploit has been disclosed to the public and may be
| used. The identifier of the patch is
| 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply
| a patch to fix this issue. The identifier VDB-268789 was assigned to
| this vulnerability.

https://github.com/gpac/gpac/issues/2871
https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c

CVE-2024-6062[1]:
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master
| and classified as problematic. Affected by this issue is the
| function swf_svg_add_iso_sample of the file src/filters/load_text.c
| of the component MP4Box. The manipulation leads to null pointer
| dereference. The attack needs to be approached locally. The exploit
| has been disclosed to the public and may be used. The patch is
| identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is
| recommended to apply a patch to fix this issue. VDB-268790 is the
| identifier assigned to this vulnerability.

https://github.com/gpac/gpac/issues/2872
https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd

CVE-2024-6063[2]:
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master.
| It has been classified as problematic. This affects the function
| m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component
| MP4Box. The manipulation leads to null pointer dereference. An
| attack has to be approached locally. The exploit has been disclosed
| to the public and may be used. The patch is named
| 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply
| a patch to fix this issue. The associated identifier of this
| vulnerability is VDB-268791.

https://github.com/gpac/gpac/issues/2873
https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5

CVE-2024-6064[3]:
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master.
| It has been declared as problematic. This vulnerability affects the
| function xmt_node_end of the file src/scene_manager/loader_xmt.c of
| the component MP4Box. The manipulation leads to use after free.
| Local access is required to approach this attack. The exploit has
| been disclosed to the public and may be used. The name of the patch
| is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf6
| 90567980d96662f5. It is recommended to apply a patch to fix this
| issue. The identifier of this vulnerability is VDB-268792.

https://github.com/gpac/gpac/issues/2874
https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6061
https://www.cve.org/CVERecord?id=CVE-2024-6061
[1] https://security-tracker.debian.org/tracker/CVE-2024-6062
https://www.cve.org/CVERecord?id=CVE-2024-6062
[2] https://security-tracker.debian.org/tracker/CVE-2024-6063
https://www.cve.org/CVERecord?id=CVE-2024-6063
[3] https://security-tracker.debian.org/tracker/CVE-2024-6064
https://www.cve.org/CVERecord?id=CVE-2024-6064

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found

Bug#782125: marked as done (Support atom Xtra)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #782125,
regarding Support atom Xtra
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
782125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782125
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpac
Version: 0.5.0+svn5324~dfsg1-1+b3
Severity: minor

It would be nice to support atom Xtra. Currenly it dumps as:

 
 
 
 

Reference implementation is at:
http://code.google.com/p/mp4v2/issues/detail?id=113
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#786733: marked as done (gpac: aac2m4a, some m4a are 1 second long and <1Kb big)

[Debian Bug Tracking System]

Your message dated Sat, 27 Jul 2024 18:34:22 +
with message-id 
and subject line Bug#1076113: Removed package(s) from unstable
has caused the Debian Bug report #786733,
regarding gpac: aac2m4a, some m4a are 1 second long and <1Kb big
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
786733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpac
Version: 0.5.0+svn5324~dfsg1-1+b3
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Converting aac files (built by streamripper) to m4a ones.

MP4Box -add foo.acc bar.m4a -new

many files were incapsulated ok, many m4a files are smaller than 1Kb and 
mediainfo says they are long 1 second only hand have a bitrate higher than 
5000bps 

previous release (oldstable repository) convert all aac files to m4a. No files 
smaller than 1kb, no songs shorter than 1 second. I tested same songs!


-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'oldstable'), 
(90, 'testing'), (30, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gpac depends on:
ii  gpac-modules-base0.5.0+svn5324~dfsg1-1+b3
ii  libavcodec-extra-56  6:11.3-1
ii  libavdevice556:11.3-1
ii  libavformat566:11.3-1
ii  libavresample2   6:11.3-1
ii  libavutil54  6:11.3-1
ii  libc62.19-18
ii  libgpac3 0.5.0+svn5324~dfsg1-1+b3
ii  libswscale3  6:11.3-1

gpac recommends no packages.

gpac suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1076113: Removed package(s) from unstable

[Debian FTP Masters]

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

  gpac | 2.2.1+dfsg1-3.1 | source, amd64, arm64, armel, armhf, i386, 
mips64el, ppc64el, riscv64, s390x
gpac-modules-base | 2.2.1+dfsg1-3.1 | amd64, arm64, armel, armhf, i386, 
mips64el, ppc64el, riscv64, s390x
libgpac-dev | 2.2.1+dfsg1-3.1 | amd64, arm64, armel, armhf, i386, mips64el, 
ppc64el, riscv64, s390x
libgpac12t64 | 2.2.1+dfsg1-3.1 | amd64, arm64, armel, armhf, i386, mips64el, 
ppc64el, riscv64, s390x

--- Reason ---
RoQA; orphaned; RC-buggy; lots of CVEs not fixed
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1076...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/1076113

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

Bug#1076113: Removed package(s) from unstable

[Debian FTP Masters]

Version: 2.2.1+dfsg1-3.1+rm

Dear submitter,

as the package gpac has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1076113

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

Bug#1048781:

[ann0...@t-online.de]

Dear Lucas Nussbaum,

 

I am maintainer from upstream and we just recently changed creation of the 
.qm files, so this could impact this bug.

See:

While this may be related to debian only, if you believe that we can fix 
this on our side, please open an issue on our repository too: 




Processing of madwimax_0.1.1-3_source.changes

[Debian FTP Masters]

madwimax_0.1.1-3_source.changes uploaded successfully to localhost
along with the files:
  madwimax_0.1.1-3.dsc
  madwimax_0.1.1-3.debian.tar.xz
  madwimax_0.1.1-3_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

madwimax_0.1.1-3_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 27 Jul 2024 23:40:09 +0200
Source: madwimax
Architecture: source
Version: 0.1.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Petter Reinholdtsen 
Changes:
 madwimax (0.1.1-3) unstable; urgency=medium
 .
   * QA upload.
 .
   * Dropped incorrect component type=desktop from Appstream metadata.
Checksums-Sha1:
 e8dcacb070e0dc10ecc470350f2eae45dba53ffe 1845 madwimax_0.1.1-3.dsc
 ce349befeb9ee44911af05ec3b89987ffd372725 4224 madwimax_0.1.1-3.debian.tar.xz
 39ca02d43a146cd039422b4915fe486d4aba0c65 8695 madwimax_0.1.1-3_source.buildinfo
Checksums-Sha256:
 2b6c6d26654930ac0b35c623a6e2d473c5401ca30fdfcba7c395c42588bb309d 1845 
madwimax_0.1.1-3.dsc
 1481a3098444d16cc378170367a92a2cfa922b0985080105139fad6d073dde68 4224 
madwimax_0.1.1-3.debian.tar.xz
 658e093e40d079a6233f71e6ee05ff66f8e2d1294bf3a418b9d5e0524edef177 8695 
madwimax_0.1.1-3_source.buildinfo
Files:
 b68a15d23903ef565f397b974fc786e2 1845 admin optional madwimax_0.1.1-3.dsc
 065fa7a4fef0ebe1e3105ef2a2316346 4224 admin optional 
madwimax_0.1.1-3.debian.tar.xz
 6c4f902ddd04d61b4b9f5d76c5f196c7 8695 admin optional 
madwimax_0.1.1-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmalaY4ACgkQgSgKoIe6
+w6bLA//XZAMpuXEFvgIYfRn2RXbsIHm2ic4Sgg5HSi/7idRMOvcGOX+BH1kS+E1
TiQ59Fki8JtpXEa5KKy7I0Ewa0/btojcWv7+rY6v/RvYMTz3nMYgbcQc6y0KABrY
pTWWN4EZxNfhrgJbiTPzb3Cpa4LKc/s5rR9yQtXlbp69MwGpXbX/jUnGmgM7oqvL
Cbr2VidKQ3ovv6HgnvA9spea0r2AmXJ+0Evp9CAjQ+hNfYYkM9UJBELqVoI2iKo9
uZUE5l7gsh/c0y2HGBtDR9dRmbnkNTd5QzBkTUUHES+qL95p6KC/VgmoTxJMsG9x
ljjn1uAGLE3kEW59SHEc+faTC36hy1gn/18WE/CxGednvP+Dp6f+/frrzoUqCync
CgPVt4XxySJV/EM5KJ+Hf4Qp2lNLe/ZQzjGzVTN7TcHt+grsIJVMGTf4ajVD8XPD
emxoKNt3LW6fQis3Q9YW/ho7zn2/NQ+sE/M0bdvRVmU3K5lsQ8YRMQohdNSpHMe/
wDmDpQVknxxik4JMCe86rq+F50FinasXRA2Avhd3thwWUIqBET/T9sV0TFPG2KMX
bSDoW5PzpMlspPOwOiGW6wSLU0FbX8s3JQUVhV7iScSbXMuHRlT8JMcpIx423NVp
1CIMQwPDp9iDh8A+J5DgzzLAYC6anQbcU8PeRbj1hmr9VgiHUcQ=
=v9qj
-END PGP SIGNATURE-



pgp08qQ4t1xHB.pgp
Description: PGP signature

hunspell-kk_1.1.2-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 27 Jul 2024 16:13:51 -0700
Source: hunspell-kk
Architecture: source
Version: 1.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Soren Stoutner 
Changes:
 hunspell-kk (1.1.2-2) unstable; urgency=medium
 .
   * QA upload.
   * debian/control:  Add Multi-Arch: foreign.
Checksums-Sha1:
 21ff1a313d9f88f640bd499d40a44a7a8af84b2e 1926 hunspell-kk_1.1.2-2.dsc
 f166a2f0d59cc2311e7d5e2397ba7af80a5f196c 3300 hunspell-kk_1.1.2-2.debian.tar.xz
 2e2c5a2eeaf080b6bc38c5556ee0a7e10995bb46 6567 
hunspell-kk_1.1.2-2_amd64.buildinfo
Checksums-Sha256:
 10eb5039e5e9ca3041bd62414125ea563244b731e0c81e8e255586e6aab5fa2a 1926 
hunspell-kk_1.1.2-2.dsc
 588a80368012698fb63b56f19fb19f026f4634a1e67521e812ddffea97aff920 3300 
hunspell-kk_1.1.2-2.debian.tar.xz
 734dab93cb3f97d3b7432be2d0e792d63c1a8025da33ec2e4dfeb374fdfa07d6 6567 
hunspell-kk_1.1.2-2_amd64.buildinfo
Files:
 a868547c65b20d1e3bf029ec150a3fb3 1926 text optional hunspell-kk_1.1.2-2.dsc
 0e83dca84f0d493bb176ed4a8fddcdca 3300 text optional 
hunspell-kk_1.1.2-2.debian.tar.xz
 d596e9f0367caba5f0f1d4fa21f20899 6567 text optional 
hunspell-kk_1.1.2-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmalgFUACgkQwufLJ66w
tgPuYQ//WRwaU8Uy1VrF6BEnk+GABDp+dGzrp8Tw1bS4Z7E16wUmy9sfePjsoZEX
g1BrkM7dA/YS0ZhNpa4e42GuqP24ZD4ITX0sjd3nuDTfuhDtKtvPCZ1SXsEloJCt
AXS9D/nQusaX6RDFPT2/FwVxQm3m42WPp5W4tqE4a9Rfi7ZSbImXNzIViUsBPZXL
OvBqYsm+FMaT2iLlQZuMyY9VVX34mlrew4tvLd7/ZfvQhpK1P/r4zRgP91H04RE9
drAXH3YIahfwVq0kliLpuL0hhYePfe0+OoQB/mqZkYMn9lx1eEmBlGaeF/bLFspn
+if73raoUPGuLjDAmNj5AmhD5HyanWXTqPgz6Qm/wbZ0bJdZdSHcngtsjPBfhH+x
ZYS5CI2wsoJi+S5ytjCo1/lbeRSZWnHTrjjiJM4HJ14qV02Ag34HE6Q1vIpjOnAE
CFm/onubUSa578NkgmX37V0rJ+/HRv1OQGg5X7cN0RWmdZ5lZ6XZfNfJX6dPNf5H
kM9vDgPkJNknXRI4UkhiCN7aUhF90F5ZY1EugpsHHeML2SY4DZYx2TeHvanZlZyn
NyYoG+JgGZSlItpg/WHjgntKzACdPstbAQsPNAc9ZuC+CRx+TccmXFXa6QMd7LaI
k1oqyejXXqeH25w/lS7mNqX0TENlX64OMglTYfdRaOtpdtFLEck=
=62xk
-END PGP SIGNATURE-



pgpAHWqjBqOms.pgp
Description: PGP signature

Processing of hunspell-kk_1.1.2-2_source.changes

[Debian FTP Masters]

hunspell-kk_1.1.2-2_source.changes uploaded successfully to localhost
along with the files:
  hunspell-kk_1.1.2-2.dsc
  hunspell-kk_1.1.2-2.debian.tar.xz
  hunspell-kk_1.1.2-2_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)