Debian has issued an advisory on May 26: https://www.debian.org/security/2023/dsa-5411 It fixes several new security issues. Condensed list is: CVE-2020-35980, CVE-2021-4043, CVE-2021-21852, CVE-2021-3336[13456], CVE-2021-3641[247], CVE-2021-40559, CVE-2021-4056[2-9], CVE-2021-4057[012456], CVE-2021-40592, CVE-2021-4060[689], CVE-2021-40944, CVE-2021-4145[679], CVE-2021-4526[237], CVE-2021-4529[127], CVE-2021-4576[02347], CVE-2021-45831, CVE-2021-4603[89], CVE-2021-4604[012345679], CVE-2021-46051, CVE-2022-1035, CVE-2022-1222, CVE-2022-1441, CVE-2022-1795, CVE-2022-2454, CVE-2022-3222, CVE-2022-3957, CVE-2022-4202, CVE-2022-2457[478], CVE-2022-26967, CVE-2022-2714[57], CVE-2022-29537, CVE-2022-3619[01], CVE-2022-38530, CVE-2022-43255, CVE-2022-45202, CVE-2022-45283, CVE-2022-45343, CVE-2022-47086, CVE-2022-4709[145], CVE-2022-4765[79], CVE-2022-4766[0-3], CVE-2023-0770, CVE-2023-081[89], CVE-2023-0866, CVE-2023-144[89], CVE-2023-1452, CVE-2023-1654, CVE-2023-2837, CVE-2023-283[89], CVE-2023-2840, CVE-2023-2314[3-5] They are hopefully fixed upstream in 2.2.1: https://github.com/gpac/gpac/releases/tag/v2.2.1 which additionally lists: CVE-2023-0358, CVE-2023-0760, CVE-2023-0817, CVE-2023-0841, CVE-2023-1655 as being fixed in that version. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Done for Cauldron, freeze_move requested!
CC: (none) => geiger.david68210
This must be a record for the number of CVEs fixed by one update! Assigning to DavidG since you have already done 1/2 of this - instantly.
Assignee: bugsquad => geiger.david68210CC: geiger.david68210 => (none)
Fixed for cauldron!
Version: Cauldron => 8Source RPM: gpac-2.2.0-1.mga9.tainted.src.rpm => gpac-1.0.1-1.1.mga8.tainted.src.rpmWhiteboard: MGA8TOO => (none)
Debian has issued an advisory on July 14: https://www.debian.org/security/2023/dsa-5452 It adds CVE-2023-3012 and CVE-2023-3291, which will be fixed upstream in 2.2.2.
Version: 8 => CauldronSource RPM: gpac-1.0.1-1.1.mga8.tainted.src.rpm => gpac-2.2.1-1.mga9.tainted.src.rpmWhiteboard: (none) => MGA8TOO
Done for both Cauldron and mga9! Assigning to QA, Packages in 9/Tainted/Updates_testing: ======================= gpac-2.2.1-1.1.mga9.tainted lib64gpac-devel-2.2.1-1.1.mga9.tainted lib64gpac12-2.2.1-1.1.mga9.tainted libgpac-devel-2.2.1-1.1.mga9.tainted libgpac12-2.2.1-1.1.mga9.tainted From SRPMS: gpac-2.2.1-1.1.mga9.tainted.src.rpm
Whiteboard: MGA8TOO => (none)Version: Cauldron => 9Assignee: geiger.david68210 => qa-bugs
Tested on real hardware mageia 9 x86_64 Install current version gpac [core] Creating default credential key in /home/katnatek/.gpac/creds.key, use -cred=PATH/TO_FILE to overwrite Refreshing all options registry, this may take some time ... done Nothing to do, check usage "gpac -h" gpac - GPAC command line filter engine - version 2.2.1-revrelease (c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 Update without issues gpac Nothing to do, check usage "gpac -h" gpac - GPAC command line filter engine - version 2.2.1-revrelease (c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 Some test that need to be done?
CC: (none) => marja11Summary: gpac several new security issues => gpac security issues CVE-2023-3012 CVE-2023-3291CVE: (none) => CVE-2023-3012 CVE-2023-3291
Keywords: (none) => advisory
MGA9-64, Gnome The following 4 packages are going to be installed: - gpac-2.2.1-1.1.mga9.tainted.x86_64 - lib64faad2-2.10.0-2.mga9.tainted.x86_64 - lib64gpac12-2.2.1-1.1.mga9.tainted.x86_64 - lib64xvidcore4-1.3.7-2.mga9.tainted.x86_64 12MB of additional disk space will be used -- I tested the different basic commands using a m4v video. gpac -h gpac -gui gpac -vbench *.* gpac -mplay *.* gpac -play *.* gpac -info *.m* It worked as expected
CC: (none) => brtians1Whiteboard: (none) => MGA9-64-OK
Thanks, guys. Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0027.html
Status: NEW => RESOLVEDResolution: (none) => FIXED