[SECURITY] [DLA 4219-1] gst-plugins-bad1.0 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4219-1] gst-plugins-bad1.0 security update
From: Adrian Bunk <bunk@debian.org>
Date: Tue, 17 Jun 2025 23:55:45 +0300
Message-id: <[🔎] aFHWUYEngqeBc9JX@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4219-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 17, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0
Version        : 1.18.4-3+deb11u5
CVE ID         : CVE-2025-3887
Debian Bug     : 1106285

A stack buffer-overflow in the H.265 codec parser has been fixed in the 
"bad" set of codecs for the GStreamer multimedia framework.

For Debian 11 bullseye, this problem has been fixed in version
1.18.4-3+deb11u5.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhR1k4ACgkQiNJCh6LY
mLET/BAAg7aE7qTYLGA7wPr/cx6PEpD+CZKgyERJqskfscAnNdKfHngeLYkyyS3C
DU+lw4fjdMf0EpJecBV6XOpnWNDANZCBjUEP9TKbZdqDAEsL0QISq4tAGMZ3AmR+
W86/t2+/e7PdCYrGU1UEeTknLGde7KGyX9p9fmhQVZ5EKU9NkppEAOy5M+tNwnGs
tx8PIwjDRRQ5P708pbH33HVd+W5jLi8T/dxIDd/vjyuTudHK7ogLGtRPvdufPjPb
gH5oyXUGNDx+174/wlpqxVarz7f61AP3ZMlqDv8Z8q0KBEy7FvY50Ql4DzSoPXFG
eDjF0SSByARjslOzlvB/yvvwKtzhkzF35sf1d0E7NvAhWQER8eyGo7qo71QfXhN4
eHP7NJLnm9uv4MTvISHQ2MdhRkDIFVN2d4FQUQgX11YxHHkwrggGqhZyV5tieB5J
j8c8R7xaqQqFRgso6PGLMxTsLuvYKfrpHMYnqo6g/Wz/am2S1IXa9ckjS1CySisA
+A+pY8N2DJGX5jST3sgx7hmAjOkA64hsVRRATq7kMShK/hX1lOxVuqOWQBfmQuky
yFQpSJ77nQfUAcfpQbbdkFThOarkuuwMAymEkt9d/d3nUoVNc4lhIhRNRUzdCd5b
Msu1Cx8vsTMCR1RX3si3SAe4jjrXbPoJuwDKYa0hDCCgVdldjnQ=
=bLl/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4218-1] webkit2gtk security update
Next by Date: [SECURITY] [DLA 4221-1] libblockdev security update
Previous by thread: [SECURITY] [DLA 4218-1] webkit2gtk security update
Next by thread: [SECURITY] [DLA 4221-1] libblockdev security update
Index(es):
- Date
- Thread