
[SECURITY] [DLA 4419-1] gst-plugins-good1.0 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4419-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 25, 2025                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : gst-plugins-good1.0
Version        : 1.18.4-2+deb11u4
CVE ID         : CVE-2025-47183 CVE-2025-47219

Multiple vulnerabilities were found in the plugins for the GStreamer
media framework leading to information disclosure.

CVE-2025-47183

    In GStreamer, the isomp4 plugin's qtdemux_parse_tree function may
    read past the end of a heap buffer while parsing an MP4 file,
    leading to information disclosure.

CVE-2025-47219

    In GStreamer, the isomp4 plugin's qtdemux_parse_trak function may
    read past the end of a heap buffer while parsing an MP4 file,
    possibly leading to information disclosure.

For Debian 11 bullseye, these problems have been fixed in version
1.18.4-2+deb11u4.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----