Debian 10260 Published by

The following two updates has been released for Debian GNU/Linux:

DLA 1764-1: mercurial security update
DLA 1765-1: gpac security update



DLA 1764-1: mercurial security update




Package : mercurial
Version : 3.1.2-2+deb8u7
CVE ID : CVE-2019-3902
Debian Bug : #927674

It was discovered that there was a path traversal vulnerability in
the "mercurial" distributed revision version control system.

Symbolic links and subrepositories could be used defeat Mercurial's
path-checking logic and write files outside the repository root.

For Debian 8 "Jessie", this issue has been fixed in mercurial version
3.1.2-2+deb8u7.

We recommend that you upgrade your mercurial packages.




DLA 1765-1: gpac security update




Package : gpac
Version : 0.5.0+svn5324~dfsg1-1+deb8u3
CVE ID : CVE-2019-11221 CVE-2019-11222


Several issues have been found for gpac, an Open Source multimedia
framework. Using crafted files one can trigger buffer overflow issues
that could be used to crash the application.


For Debian 8 "Jessie", these problems have been fixed in version
0.5.0+svn5324~dfsg1-1+deb8u3.

We recommend that you upgrade your gpac packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS