[SECURITY] [DLA 3999-1] gst-plugins-base1.0 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3999-1] gst-plugins-base1.0 security update
From: rouca@debian.org
Date: Sat, 21 Dec 2024 18:25:42 +0000
Message-id: <[🔎] 2c3e00a295b961f9ff3a22e34095e21e@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3999-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
December 21, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gst-plugins-base1.0
Version        : 1.18.4-2+deb11u3
CVE ID         : CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 
                 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835

Multiple multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.

For Debian 11 bullseye, these problems have been fixed in version
1.18.4-2+deb11u3.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdnCCUACgkQADoaLapB
CF/wexAAk+NaB2459zMQUg4UYccWyJ/WKpwjvJm0cd/0Nv/QLIob+ET5aX7Y1+q3
kMv4M0aUwNf+HnDy/BDIGh9aF7imR/vtyuozpq7C3vaa7WCQ7YY+BDLW1s+dGlfh
+SLZlUuwI3GHeny7rqIC3VxVYTaW6mZbEMgqQ/iDcyY0lU3/18vnzpv+TtAMOoZm
6nAqt3ME+10P2BEQlHFYrVvYy9mfQC/5H9XEt5PDFORca5I6T/5+ItnPxraF/WjR
PkEIEJvN/IcLPELvZVbsWB0xF+K8eSfu0XN3V2XT/3QYEZrKLbGVhds7bSeFEhod
ZEgMrdzkMTWHZhPMmAVBP1+u9mLOMQdyJrUQqIp3NveH2XaZABSI1o/a92oUQntD
4gFqdOZaTZc2gC+b+fVBTJVpJp6N480MssVOUFiB75XjbCq4bA2cTwFW4sF4LWXf
/AYwN5cHhV2PgwMRD0GGVMttUvZSNJ7wog+HcJHQV3iUQTs03VHcsZOupiYxyQY3
abpBin+vf6i2qYfW8k0k9s61d7Ux7MTxAFEMiZnnLfRjMbG5L0/2koiKBEPhhOMA
WYQdsruc6A5XM22OTQ8NFH1ZxB1ZbHxszCAFL62nCYn+VAstBJd8Tmjr8xaeUZPN
mg/sS1crGtZZOqK02r6VDm1dA5+XGBBK6XEeqY0bc2ZmJHF+vUg=
=2Jho
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3998-1] python-urllib3 security update
Next by Date: [SECURITY] [DLA 4000-1] sqlparse security update
Previous by thread: [SECURITY] [DLA 3998-1] python-urllib3 security update
Next by thread: [SECURITY] [DLA 4000-1] sqlparse security update
Index(es):
- Date
- Thread