severity 994756 important thanks The CVEs mentioned have been assessed as minor issues, likely to only cause the ccextractor command line utility to crash.
The embedded gpac code in ccextractor is mostly limited to just the gpac source code files that ccextractor needs to process video files, so most, if not all, of the code paths in the upstream gpacmp4 directory should be reachable with appropriate test videos. bullseye and buster updates can be made via proposed-updates. Downgrading the bug against bullseye and buster versions to not block migration of the 0.93+ds2-1 fixes into bookworm, reflecting the assessed security impact. -- Neil Williams ============= https://linux.codehelp.co.uk/
pgpntHuAAZ3YQ.pgp
Description: OpenPGP digital signature
