-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 21 Dec 2024 15:58:38 +0000
Source: gst-plugins-base1.0
Architecture: source
Version: 1.18.4-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <gst-plugins-base1.0@packages.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
gst-plugins-base1.0 (1.18.4-2+deb11u3) bullseye-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Fix CVE-2024-47538: A stack-buffer overflow has been detected
in the `vorbis_handle_identification_packet`
function within `gstvorbisdec.c`
* Fix CVE-2024-47541: An OOB-write vulnerability has been
identified in the gst_ssa_parse_remove_override_codes
function of the gstssaparse.c file.
* Fix CVE-2024-47542: A null pointer dereference has been
discovered in the id3v2_read_synch_uint function, located
in id3v2.c
* Fix CVE-2024-47600: An OOB-read vulnerability has been
detected in the format_channel_mask function in
gst-discoverer.c
* Fix CVE-2024-47607: A stack-buffer overflow has been
detected in the gst_opus_dec_parse_header function
within `gstopusdec.c'.
* Fix CVE-2024-47615: An OOB-Write has been detected
in the function gst_parse_vorbis_setup_packet within
vorbis_parse.c.
* Fix CVE-2024-47835: A null pointer dereference vulnerability
has been detected in the parse_lrc function within
gstsubparse.c
Checksums-Sha1:
d64e4de3fc8553f62dd9c1671c1de6bc79cb82f3 3738 gst-plugins-base1.0_1.18.4-2+deb11u3.dsc
879dc96692609ac079cd9d05b359882fb9cf7108 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz
0294bc5b29744d398cf6c10c3e20fe60ee8bf7a5 54420 gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz
c3d7a9f4ca7e8adcf56d7f2254a1adb4e5094f8e 18540 gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo
Checksums-Sha256:
c6b3282637f75034a827dc56cf7d76dd4ab8517c9d8ea6e5167b9f72a56b6303 3738 gst-plugins-base1.0_1.18.4-2+deb11u3.dsc
29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323 3169512 gst-plugins-base1.0_1.18.4.orig.tar.xz
993ab576136170543df779d02ad534ecf5534b52564589717885252d26ded99d 54420 gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz
b18fb916bdee10a260b8bed02526333d2e72f5556b3233f969e29142bb0da1a5 18540 gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo
Files:
638ff4ba4811655a388ed99938c125ad 3738 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3.dsc
523336ed6938b8b1004847cbbd5e31cb 3169512 libs optional gst-plugins-base1.0_1.18.4.orig.tar.xz
9834b14e7a31a1d0273ed3f767e86694 54420 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3.debian.tar.xz
a580895b900f18e22f3c54999e700438 18540 libs optional gst-plugins-base1.0_1.18.4-2+deb11u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdm6/0RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/v1RAAi1jDgWplkulLQFYbtxRBtAib4l1Qtenj
XJnf8AqwHPh9z4hFoJZV5K2p5N8CH8SHVrKeuycHtgFtw06AyLMFbtfCLGFahVeV
SkSmT3euV6bSxWMBFvB1cAUAJM2DcJJSt8EE79JAhq+15Ce73CinYZ50kkqvC+12
OY4QOW/UYZ4oB5+vfKYEI87uUoqaYqoKnw9/JsUjOxtYnOzRlehmtubS0nOAc64f
C61OHEuD/i411y/iD/PYP2jQyM0XIL7UWPh4SaJhV+cAr5DXnwho3mc/ZyzQzPPW
cmyFZATuywoSj0hCKv0CWrwJACGIpwVlv8dO3uLXpLTea4i8bB8gmT8rZ3p2YZrB
0obuMMCVfPbK90T2CwROo5FR0LGw7AtBUR8n6m6pnBQJjFx2ZU9yhlUGfdtqSftw
nJYKQU9UdShLV/ESnhpsJYsbAWWIVD6ljCe+UVWT+H5Vp/PwR/E+hR28K6H4Ebn+
LqZOB+zOF0KQgHHPc3FWcX1pULjC4qhqhSUUpipx2aF47aseUykDT/vad1MyqEf9
2XJ9TU1+e0z05pcTFACFr94rc620LYCGklYEmglqHpkWh75uHQ9IpI2Jigi9EFBW
EsIqRoIiOLQfJD7+tshfoz7J6Hmu2/3kG2U8B15YgpcYtJIzwFsI0fa2mG3qIbaU
GsqJZVFo8AM=
=kmIl
-----END PGP SIGNATURE-----
Attachment:
pgpuflORAq91k.pgp
Description: PGP signature