[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 712-1] gst-plugins-bad0.10 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : gst-plugins-bad0.10
Version        : 0.10.23-7.1+deb7u3
CVE ID         : CVE-2016-9445 CVE-2016-9446 CVE-2016-9447

CVE-2016-9445
CVE-2016-9446

    Chris Evans discovered that the GStreamer plugin to decode VMware screen
    capture files allowed the execution of arbitrary code. He also found that
    an initialized buffer may lead into memory disclosure.

CVE-2016-9447

    Chris Evans discovered that the GStreamer 0.10 plugin to decode NES
    Sound Format files allowed the execution of arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.23-7.1+deb7u3.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYMOarAAoJEJ1GxIjkNoMCLQMP/ApO9ywh6rk87JyQnDbrS+MJ
Co2A6ASTuJ7v+FEFQQb0CwDt1VH0GXOQby3/F2VGilNhnTsdJfdrKofjaxBcPZ3l
0B51jcjSdWxx3SRbPV6u9KVa/DGp1drUThMGik0cwpJr4zYjO5f6BrBAxcSMPiNH
A6On/iuy8MdYlAy5E0QBT6XPg7V0dJw8v7ve3XBzl8w6ZmtBHLWqXQcL7yDr1tTM
AdvbFj50QX1ym3lF+aLUkhW7QT6aNlJj9hztWvyQOXui7D9jn0mkj7CQP2EgloN+
M++MOKlHkPjgdkNKENrZPzoMBzTi1NwfvY7AsbrY2SyYD2VlbpGFYWrOh3SiyRfs
SkyDx30qVULR0ys+tJeznMWuUZm0llu/q6oh9p0OROhcW6g2vhLroX+WRuIH7APy
GIoz43t5ZtRZReygMd+d5lavUAzdnn9lQsyELwQF74HPTGtYTS4ufFufnw1tlFaD
lZpxg8uCHHYGtzhwDx6/nMGcQkdD6mW3GDEwUeP+OSt+mo+z+UDelh+7iObUfOzv
XPSfcFE8ZUc0JNJoQt/x6McDagQPTXFe7BIY8i+RaoImvj2J7fdKGcVuVz53npn+
Is3EbuLKhw0Gpxol3H5Oo5ePVIvT2Avq0ypigoElY7ZGDhMK+kSd4j3ABtw/HZld
B9A6j+YDtKCWBiHFSgD4
=5DWQ
-----END PGP SIGNATURE-----


Reply to: