-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Dec 2024 20:08:20 +0000
Source: gstreamer1.0
Architecture: source
Version: 1.18.4-2.1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <gstreamer1.0@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
gstreamer1.0 (1.18.4-2.1+deb11u1) bullseye-security; urgency=medium
.
* Non-maintainer upload by LTS team
* Fix CVE-2024-47606: An integer underflow has been detected
in the function qtdemux_parse_theora_extension within qtdemux.c.
The vulnerability occurs due to an underflow of the
gint size variable, which causes size to hold a large unintended
value when cast to an unsigned integer. This 32-bit
negative value is then cast to a 64-bit unsigned integer
(0xfffffffffffffffa) in a subsequent call to
gst_buffer_new_and_alloc.
Checksums-Sha1:
6e537e1e563f52227ef46f3c0f8367eeafc64f2a 2918 gstreamer1.0_1.18.4-2.1+deb11u1.dsc
7c28ba58cc535c072a5d13d949dc324998df257a 2703948 gstreamer1.0_1.18.4.orig.tar.xz
947485a244856f35e562289c1ed142632e9f45af 45104 gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz
e9d596ed8bd2654062fafb0ec1f00d414c1ce8f9 10352 gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo
Checksums-Sha256:
a3f96ff75866d1fb4020cca3840b8237c3b9c465a4e342be2b138b463228dffa 2918 gstreamer1.0_1.18.4-2.1+deb11u1.dsc
9aeec99b38e310817012aa2d1d76573b787af47f8a725a65b833880a094dfbc5 2703948 gstreamer1.0_1.18.4.orig.tar.xz
96278e726ad970a2af087789216a3f1163e722bb31e15461a9a30b7d8ecd3c32 45104 gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz
23c70013d08016a82404747fd1bd1a4b92039c6beefa4b2fcae525b7ed179f49 10352 gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo
Files:
30400b3188304db34dbe06eda82ee253 2918 libs optional gstreamer1.0_1.18.4-2.1+deb11u1.dsc
fe381e1e910e622fee44692e865f7229 2703948 libs optional gstreamer1.0_1.18.4.orig.tar.xz
eeb49fdbb0ab7199f9df65a16f1ab70f 45104 libs optional gstreamer1.0_1.18.4-2.1+deb11u1.debian.tar.xz
cbc76c08d4a3d32e9dd2a85e1a5de9a0 10352 libs optional gstreamer1.0_1.18.4-2.1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdfOjARHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+mTw//RhMuq4B8be1snGAwD5n8YlTAlRfykzGb
gHE2e2mRPQ8Lbtzqm9vf2RMXRarx+RcIQw1iJt8aJLyt+5pQPaWQZmdrioCYqZGC
04ck6whGW7BGUCi3/iad4r+nZ9brJ5pv/+6xQE23o4M/YTJTWCSvnzD0loFPZHk4
aJwu/ACGSMxHwWOCxAqhdkbOZtHAEBuvU3NpcKLuvxELWUzJrfhHx+Cq+qlPyvqU
m2mgKtm2NvMF3e7l7mLNQzUEKDRIKyhnEdq29oBUia18r5L/YAB3lZPMa35iu5Fz
GkMleklNXVQ0gBhGJfEfXGsgEi/Z4p78IdFwNP0/QGUvdjZY8W3eU5IftzJAjLX4
tJ8Nj7uY9MgNzh6IM+xRftXUtIBWnMvujlZWWVHrk2dRbtAOpb5NdLNJYnMsIlNT
3ajsInE2BtFjHary3YXnELFm4lhrxczhwqH+L4P/JzvpDE2gWW8MGjnJj8l9Tc1p
XW26IWoOaIgyDQd2uLQ7JGzjPEOsj3KkK6UWjA9pxhxIfDldYAqCBj1XaRfM5VKs
2OgWN6AjaX5jhF7beDFTLX+hG3cQlMuOSATZgH8HENSf7X5xCQJRG3Dj9YoEGND7
m2JWfc0eT2b9MFH6Q6fD/lPhZxPAaO9wTTBZBOpahkRaf0mr5s8XD7VBvDEtVWnw
dOzUjxEI/XU=
=mcL+
-----END PGP SIGNATURE-----
Attachment:
pgpSgejKhCS8_.pgp
Description: PGP signature