Ubuntu has issued an advisory on March 4: https://ubuntu.com/security/notices/USN-7320-1
Fixes:
- CVE-2023-5520: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
- CVE-2024-0321: https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
- CVE-2024-0322: https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70
CVE: (none) => CVE-2023-5520, CVE-2024-0321, CVE-2024-0322
Source RPM: (none) => gpac-2.2.1-1.1.mga9.tainted.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. (CVE-2023-5520)
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. (CVE-2024-0321)
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. (CVE-2024-0322)

References:
https://ubuntu.com/security/notices/USN-7320-1
========================

Updated packages in tainted/updates_testing:
========================
gpac-2.2.1-1.2.mga9.tainted
lib(64)gpac12-2.2.1-1.2.mga9.tainted
lib(64)gpac-devel-2.2.1-1.2.mga9.tainted

from SRPM:
gpac-2.2.1-1.2.mga9.tainted.src.rpm
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 32016 for testing.
Tried my hand at the MP4Box command, but couldn't make any sense out of it. My problem...
Tried a few gpac options:

$ gpac -gui VID-20230610-WA0003.mp4
file plays OK.

$ gpac -vbench VID-20230610-WA0003.mp4
System info: 7383 MB RAM - 2 cores - main thread ID -2040425856
Type 'h' in window for command list
[isom/avcc] Missing REXT profile signaling, patching.
No filter chain found for PID A2 in filter mp4dmx to any loaded filters - NOT CONNECTED
Filter stats - 4 filters
Filter fin (src=VID-20230610-WA0003.mp4) : 0 input pids 1 output pids 88 tasks 12666 us process time
1 packets sent 5000 bytes sent (78.9515 pck/sec 3.15806 mbps)
* output PID VID-20230610-WA0003.mp4: 2 packets sent
and some more ....

$ gpac -mplay VID-20230610-WA0003.mp4
plays OK.

$ gpac -info VID-20230610-WA0003.mp4
[isom/avcc] Missing REXT profile signaling, patching.
PID 1 video inMovie inPreview duration 00:57.578 timescale 90000 368x656 fps 90000/2999 SAR 1/1 1679 kbps 1686 frames
codec AVC|H264 PL High@3 YUV 4:2:0 8 bpp
PID 2 audio inMovie inPreview duration 00:57.193 timescale 48000 48000 Hz 2 channels 256 kbps 2681 frames
codec AAC LC (aot=2 implicit)

Looks all OK as far as my knowledge goes.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => advisory
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0090.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED